On  deck  for  McData  Director-level  switch  expected 

next  week  is  called  key  to  storage  consolidation.  PAGE  8. 


Mobile  challenge  Growing  use  of  smart  phones  is 

putting  network  architects  to  the  test  PAGE  21 . 
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CLEAR  CHOICE 


TEST 


VoWi-R 

Of  four  vendors  tested, 
only  Aruba  came  through 
loud  and  clear.  Page  38. 

Consumer 
show  meets 
net  world 


■  BY  JOHN  COX 

LAS  VEGAS  —  Beyond  the 
high-end  home  theater  speaker 
systems,  paper  shredders,  ad¬ 
vanced  sewing  machines  and 
electrical  adapters,  the  Con¬ 
sumer  Electronics  Show  2005 
last  week  was,  at  least  in  part, 
about  taking  networks  to  the 
next  level.  CES  is  a  gigantic  lab¬ 
oratory  of  2,400  vendors  trying 
to  figure  out  what  you  can  do 
with  a  world  of  digitized  infor¬ 
mation. 

The  keynote  speech  by  Micro¬ 
soft  Chief  Software  Architect 
Bill  Gates  unintentionally  re¬ 
vealed  a  theme  familiar  to  net¬ 
work  executives:  Experiments 
don’t  always  work.  In  a  mock 
episode  of  “Late  Night  with  Con¬ 
an  O’Brien,”  Gates  talked  about 
his  vision  of  a  “digital  life  style.” 

See  GES,  page  16 


A  look  into  the  future 


Venture  capitalist 
offers  look  at  '05 
hot  spots. 

■  BY  HOWARD  ANDERSON, 
Senior  Managing  Director, 
YankeeTek  Ventures 

Let’s  get  right  to  it.  Let’s  see  what 
this  year  portends: 

1.  2005  will  be  worse  than  ’04 
for  technology  companies,  but 
not  bad.  What  do  you  mean  you 
didn’t  notice  last  year’s  recovery? 

2.  PC  growth  will  be  in  double 
digits,  but 
barely  — 
good  for 
Dell,  good 
for  HP  It’s 
time  to 
trade  up. 
Still,  the 
market 

growth  will  be  only  two-thirds  of 
what  it  was  in  2004.  Aren’t  you 
embarrassed  by  your  Sony  Viao, 
and  don’t  you  really  want  to 
upgrade? 

3.  Cell  phones  are  booming;  we 
will  soon  hit  1.5  billion  world¬ 
wide.  New  data  services  will 
abound,  and  you  will  find  a  rea¬ 
son  to  upgrade.  But  cell  phone 
growth  will  only  be  10%  more 

See  Anderson,  page  12 


Mergers,  VoIP,  open  source,  outsourcing  to  dominate  news. 


BY  ANN  BEDNARZ  AND  JENNIFER  MEARS 


*  M 


What’s  in  store  for  2005? 

Well,  industry  experts  say  to  expect  net¬ 
work  industry  merger  activity  —  nearly  $60 
billion  worth  of  which  took  place  in  one 
week  last  month  —  to  continue  unabated,  and 
don’t  be  surprised  if  this  turns  out  to  be  the  year 
enterprise-scale  VoIP  makes  it  to  the  mainstream. 
Look  for  licensing  issues  to  be  top  of  mind  as  ven¬ 
dors  iron  out  the  impact  of  server  enhancements  on 
application  pricing. You  might  even  catch  a  glimpse 
of  Microsoft’s  long-awaited  Longhorn  software,  albeit 
in  beta  only 

Analysts  also  expect  to  see  increased  emphasis  on 
server  consolidation,  open  source  projects,  offshore 
outsourcing  and  regulatory  compliance. 

There  might  be  fewer  vendors  to  choose  from  in 
2005  if  merger  and  acquisition  activity  does  carry 
on, but  the  result  could  be  broader,  more  integrated 
offerings  from  the  vendors  that  remain. Those  offer¬ 
ings  could  change  the  way  IT  executives  fill  out 
their  data  centers,  secure  their  networks  and  link 
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their  far-flung  sites. 

“It’s  clear  2005  will  be  a  really  interesting, 
exciting  and  challenging  time  for  our 
industry  says  Frank  Gens,  senior  vice  pres¬ 
ident  of  research  at  IDC.  He  predicts 
“almost  boringly  moderate”  IT  spending 
growth  of  about  6%,  but  adds  that  “we  will  be 
dealing  with  an  environment  that’s  all  about  conver¬ 
gence  of  individual  siloed  market  segments.” 

On  the  M&A  front,  BEA  Systems  will  be  among  the 
first  companies  acquired, predicts  Frank  Dzubeck  of 
Communications  Network  Architects.  A  logical 

See  Future,  page  10 


More  insights  for  the  year  ahead: 

•  IT  spending  outlook:  Keep  pinching  those  pennies.  Page  10. 


Forget  about  sleeping:  It’s  Patch  Tuesday 

Microsoft’s  monthly  patch  release  triggers  a 
race  between  hackers,  vendors  and  customers. 


■  BY  LINDA  LEUNG 

The  engineers  at  vulnerability  testing  tool  vendor  nCircle 
spend  $100  per  month  at  the  coffee  shop  in  the  lobby  of 
their  office  building  in  downtown  San  Francisco.  But  there 
is  one  day  each  month  when  a  trip  to  the  cafe  is  more  urgent 
than  at  any  other  time:  Patch  Tuesday 
As  anyone  involved  in  running  a  Windows  network  knows,  this 
falls  on  the  second  Tuesday  of  the  month  and  is  the  day  when 
Microsoft  announces  product  vulnerabilities  and  releases  patch¬ 
es  for  them.  For  the  nCircle  engineers,  it’s  the  start  of  a  very  long 

See  Tuesday,  page  53 
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Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  The  IBM 

TotalStorage®  Open  Software  Family.  It  automatically 
helps  manage  and  optimize  highly  complex  storage 
environments.  By  centralizing  information.  By  fully  utilizing 
resources.  By  simplifying  data  compliance.  Help  slash 
long-term  storage  costs.  On  demand.  Comprehensive, 
reliable  storage  management  solutions  from  IBM. 


1.  Statistics  from  Asia  retrieved  quickly. 

2.  Paris  client’s  portfolio  accessed  securely. 

3.  Critical  information  archived  automatically. 

4.  Data  kept  within  compliance  guidelines. 

5.  Optimized  storage  supports  heavy  volume. 


Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/resource 
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Introducing  the  EtherScope™  Network  Assistant 


Link  1000Mb  full  duplex 


Connection 


39520 

19512 


IHiMll: 


*  UTILIZATION 
COLLISION 
ERROR 
TRANSMIT 


vork 

EtherScope 

NE  WORK  ASSISTANT 


Ku:  Test  Results 
2 _ _ _ _ _ _ _ 


Restart  all 


Details 


IP: 

010.248  001.121 

Mask: 

255.255  255.000 

MAC: 

FLUKE- C00045 

Service: 

802  3 

Actual: 

Speed 

1000Mb 

Advertised:  1000Mb 

Actual: 

Duplex 

Full 

Advertised:  Full  only 

EtherScope1'' 
Network  Assistant 


-  your  eyes  into  the  network  to  help  you  spot 
problems  and  solve  them  faster  than  ever.  You 

don't  have  time  for  trial  and  error.  Or  methods 
that  only  provide  part  of  the  picture.  That's  why 
Fluke  Networks'  new  EtherScope  analyzer,  with  its 
immediate  discovery  and  fast  diagnostics,  helps 
you  quickly  isolate  urgent  problems  on  your  giga¬ 
bit  network  as  well  as  those  nagging  issues  that 
may  be  keeping  it  from  performing  at  optimum 
level.  Fast.  Accurate.  EtherScope.  So  you'll  have 
more  time  to  get  to  the  several  dozen  items  on 
your  "to  do"  list.  Visit  our  web  site  and  check  out 
the  virtual  demo.  Then  request  a  test  drive  in  your 
office  -  on  your  network.  Decide  for  yourself 
whether  or  not  EtherScope  Network  Assistant  will 
be  your  next  new  hire. 


Your  network  assistant  is  waiting 
to  show  you  what  it  can  do  to  help 
make  your  job  easier.  Just  go  to 


www.flukenetworks.com/escope 
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and  take  a  tour  of  the  virtual  demo. 


NETWORKSUPERVISION™ 


•  •  •  • 


*2004  Fluke  Corporation.  All  rights  reserved.  01868 
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News 


8  McDatato  unveil  Fibre  Channel  director. 

8  Matisse  Networks  develops  distributed  switch. 

10  Another  year  for  moderate  spending. 

14  27-year  UPS  veteran  Dave  Barnes  assumes  CIO  role. 
14  Wireless  group  studies  ‘Super  3G’  standard. 

14  NT  holdouts  paying  a  price. 


Net  Infrastructure  NetWorker 


GOBIT  to  the  rescue:  COBIT  is  a  proven  standard  that  can  help  with  compliance, 
business  accountability  and  auditing.  Page  37. 


CLEAR  CHOICE  @ 
TEST 


Voice  over  WLAN 


■  17  NIST  mulls  new  WLAN 
security  guidelines. 

■  17  Texas  A&M  probes  traffic 
for  assaults,  faults. 

■  18  Extreme  switch  packs  speed, 
reliability. 

Enterprise 

Computing 

■  21  Users,  firms  at  odds  on 
mobile  devices. 

■  21  Carriers  increase  companies' 
control  over  handhelds. 

■  22  Apple  delivers  SAN  system. 

■  22  Dave  Kearns:  Taking  a 
look  at  the  year  ahead. 

Application 
Services 

■  25  E-billing  adopters  find 
rewards. 

■  25  Microsoft  scrubs  security 
component  for  Exchange. 

■  26  Scott  Bradner: 

Predictions  with  the  world  in  mind. 

Service  Providers 

■  27  FCC  set  to  auction  PCS 
licenses. 

■  27  Johna  Till  Johnson: 

Gazing  into  the  2005  carrier  crystal 


■  30  What’s  ahead  for  Vonage  in 
2005? 

Technology  Update 

■  31  Identified  Internet  Mail 
combats  fraud. 

■  31  Steve  Blass:  Ask  Dr. 

Internet. 

■  32  Mark  Gibbs:  Dealing 
with  hot  spots. 

■  32  Keith  Shaw:  Solving 
Gearhead’s  'hot  spots.' 

Opinions 

■  34  On  Technology:  Ten 

predictions  for  '05. 

■  35  Chuck  Yoke:  DSL:  The 
best  (and  worst)  of  times. 

■  35  James  Kobielus: 

Taming  the  XML  beast. 

■  54  BackSpin:  Divine 
divination. 

■  54  'Net  Buzz:  Anyone  can 
make  2005  predictions . . .  let's 
talk  about  2015. 

Management 

Strategies 

■  42  Diageo  distills  IS  leaders:  The 
alcoholic  beverage  company's  career 
development  program  pushes  staff 
to  excel. 


■  CONTACT  US  Network  World,  118Turnpike  Road,  Southborough,  MA 
01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438;  E-mail:  nwnews@ 
nww.com;  STAFF:  See  the  masthead  on  page  16  for  more  contact  informa¬ 
tion.  REPRINTS:  (717)  399-1900 

SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444;  Fax: 
(508)  490-6400;  E-mail:  nwcirc@nww.com;  URL;  www.subscribenw.com 


To  hear  the  vendors  tell  it,  voice  over  wireless  is  the  next  big  thing.  But  don't  jump 
in  just  yet.  In  our  first-ever  test  of  VoIP  over  WLAN  we  found  that  voice  and  data 
traffic  mixed  about  as  well  as  oil  and  water.  Of  four  vendors  tested,  only  Aruba  was 
able  to  walk  the  walk.  Page  38. 

Face-Off:  Is  PON  the  cure  for  last-mile  bandwidth  bottlenecks?  John  '  "  , 

Griffin  of  Optical  Solutions  is  pro-PON,  while  Dave  Curry  of  World  Wide 

Packets  takes  the  opposing  view.  Page  41 .  HhHI 

Griffin  Curry 


www.nwkision.com 


Breaking  News 


Go  online  for  breaking  news  every  day.  DocFinder:  6342 


Available  only  on  Fusion 

Anti-spam  Buyer’s  Guide 

A  complete  Buyer's  Guide  of  more  than  130  anti-spam  appliances, 
software  and  services.  Get  all  your  anti-spam  product  research 
done  here. 

DocFinder:  5334 

Case  studies 

Learn  best  practices  from  your  peers  to  make  the  most  of 
technology,  save  money  and  streamline  your  business. 

DocFinder:  5335 

Network  World  Fusion  Radio 

Get  the  inside  scoop  on  hot  technology  issues,  such  as  inexpen¬ 
sive  servers,  WiMAX,  network  security  design  and  more.  Stream 
the  sessions  to  your  desktop  or  download  them  as  MP3s  for 
later  use. 

DocFinder:  5336 

This  week  at  Network  Lifer.  The  Expert’s 
Guide  to  the  Connected  Home 

Every  day  Network  Life  offers  everything  you  need  to  know  to 
keep  your  —  and  your  family's  and  friends'  —  home  network 
humming.  Get  the  latest  news,  opinions,  reviews,  how-tos 
and  more. 

DocFinder:  4838 

CES  news  roundup 

Couldn't  make  the  show  last  week?  No  problem  —  get  the  low- 
down  on  all  the  product  announcements  and  launches,  keynotes 
and  events  at  our  CES  news  page. 

DocFinder:  5342 


New  Network  Life  blogs 

Security  chief 

Deb  Radcliff  gives  you  security  resolutions  for  the  new  year  and 
wants  your  feedback  on  the  biggest  problems  when  running  a  home 
network.  DocFinder  5337 

Off  the  clock 

Editor  Keith  Shaw  looks  at  a  great  digital  photo  organizer  and  X2's 
"true"  media  center  PC,  and  tells  you  how  you  can  become  a  video 
gamer  tester.  DocFinder  5338 

Tech  Spy 

Where  do  routers  come  from? 

Editor  Toni  Kistner  reports  on  her  trip  to  D-Link's  manufacturing  plant 
in  Taiwan  DocFinder  5345 


Online  help  and  advice 

Nutter's  Help  Desk 

Server  network  card  problem 

Help  Desk  guru  Ron  Nutter  helps  a  reader  who's  online  learning 
application  is  conflicting  with  network  cards. 

DocFinder  5339 

Smali-Business  Tech 

HP's  new  all-in-one  network  inkjet  printer 

Columnist  James  Gaskin  says  HP's  S999  Color  All-In-One 

OfficeJet  9130  is  worth  every  penny.  DocFinder  5440 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  50 
newsletters  on  key  network  topics. 

DocFinder.  6343 


What  is  DocFinder? 

We've  made  it  easy  to  access  articles  and  resources  online.  Simply  enter  the  four-digri  DocFinder 
number  in  the  search  box  on  the  home  page,  and  you'll  jump  directly  to  the  requested  inform:!:^- 


Microsoft  releases  anti-spyware  beta 

■  Microsoft  last  week  tried  to  sharpen  its  focus  again  on  security 
by  releasing  the  first  beta  of  the  anti-spyware  software  it  acquired 
when  it  bought  Giant  Software  last  month.The  company  also  says 
that  next  week  it  will  begin  shipping  tools  for  removing  malicious 
code  from  a  PC.  Microsoft  Windows  AntiSpyware  can  detect  and 
remove  spyware,  and  block  known  spyware  from  infecting  com¬ 
puters.  The  company  didn’t  say  when  a  shipping  version  of 
AntiSpyware  would  be  available.  Microsoft  is  making  AntiSpyware 
available  for  Windows  2000  and  later  versions  of  the  operating  sys¬ 
tem.  The  company  says  it  hopes  users  will  join  its  voluntary  Spy- 
Net  network  to  report  potential  spyware.  The  Windows  malicious 
code  removal  tools  are  a  compilation  of  three  tools  Microsoft 
released  a  year  ago.  While  the  tools  don’t  prevent  malicious  code 
from  infecting  a  PC,  they  can  remove  it.  Microsoft  will  update  the 
tools  the  second  Tuesday  of  each  month,  the  same  monthly 
schedule  for  new  patches. 

Symantec,  Veritas  execs  defend  merger 

■  The  heads  of  Symantec  and  Veritas  Software  joined  forces  last  week  in  New  York  in 
an  attempt  to  allay  investor  worries  about  the  proposed  merger  of  the  two  companies. 
In  a  presentation  and  discussion  with  Wall  Street  analysts  and  shareholders  on  the  ratio¬ 
nale  for  combining  the  firms,  Symantec  CEO  John  Thompson  said  that  the  $13.5  billion 
proposed  acquisition  of  Veritas  by  Symantec  has  triggered  “some  trepidation  and  skep¬ 
ticism.”  Thompson  and  Veritas  CEO  Gary  Bloom  tried  to  counter  doubts  by  saying  the 
two  companies,  which  have  teamed  to  sell  the  products  to  29  corporate  accounts  in  the 
past,  expect  to  see  18%  growth  in  the  next  fiscal  year.  While  there  is  virtually  no  product 
overlap  between  Veritas  and  Symantec, Thompson  said  the  two  firms  estimate  there  is 
about  $100  million  in  overlap  in  things  such  as  “back-office  infrastructure,”  which  will 
have  to  be  resolved  after  the  merger.  There  is  no  date  set  for  a  shareholder  vote  on  the 
merger. 

Ex-WorldCom  directors  to  pay  millions 

■  Ten  ex-WorldCom  directors  have  agreed  to  pay  $18  million  out  of  their  own  pockets 
to  settle  a  suit  with  the  New  York  State  Common  Retirement  Fund.  The  personal  pay¬ 
ment  is  part  of  a  $54  million  deal  the  lawyers  for  the  former  executives  struck  with  the 
state.  According  to  reports,  the  details  are  not  yet  public  because  the  judge  presiding 
over  the  case  still  has  to  approve  the  deal. Typically  when  shareholders  or  investors  sue 
a  director,  the  company  and  the  company’s  insurance  pay  the  penalties.  But  in 
WorldCom’s  case,  the  boards  were  found  to  have  shown  poor  judgment,  and  even 
neglect,  for  not  recognizing  fraudulent  activities  that  eventually  drove  WorldCom  into 

COMPENDIUM 

He’s  standing  by 

Dave  Piscitelio  writes:  If  you  know  how  to  write  an  operating  system  that  is  easy  to 
use,  trivial  to  network  and  perfectly  secure,  drop  me  a  line.  Find  out  more  at 
www.nwfusion.com,  DocFinder:  5343. 
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Selling  out  This  past  year  was  a 
good  one  for  IT  start-ups  looking  to  get 
bought,  according  to  research  firm 
VentureOne.  Vice  President 
John  Gabbert  says  246  such 
companies  fetched  a  combined 
$13.97  billion  from  acquirers, 
the  most  paid  since  2001. 

Cell  phones  vs. 

A  new  study  funded  largely  by 
European  Union  has  concluded 
that  radio  waves  from  mobile 
phones  damage  cells  and  DNA  in 
humans  and  animals,  according 
to  a  Reuters  report.  The  four-year  Reflex 
study,  run  by  12  research  groups  in  seven 
European  countries,  did  not  find  that 
mobile  phones  actually  are  a  significant 
health  risk  but  did  suggest  that  more  study  i: 
needed.  The  mobile  phone  industry  denies 
conclusive  evidence  of  harmful  effects  exists. : 

No  wonder  IBM  ditched  it 


BRIAN  GAIDRY 


IBM's  PC  business  racked  up  $965  million  in  losses  between  Jan.  1, 2001,  and  June 
30, 2004,  the  company  has  reported  in  a  new  filing  with  the  Securities  and  Exchange 
Commission  that  details  the  planned  sale  of  the  business  to  China’s  Lenovo  Group. 


bankruptcy  The  board  members  who  have  agreed  to  a  settlement  include  Clifford 
Alexander, secretary  of  the  Army  during  the  Carter  administration,  and  James  Allen,  for¬ 
mer  CEO  of  Brooks  Fiber,  one  of  the  more  than  70  companies  WorldCom  acquired  in 
the  1990s. 

IBM  buys  analytics  specialist 

■  IBM  announced  late  last  week  that  it  has  acquired  privately  held  SRD  for  an  undis¬ 
closed  amount  to  fill  out  its  business  intelligence  middleware  portfolio.  SRD  makes  ana¬ 
lytics  software  that  specializes  in  gleaning  information  about  individuals’  identities  and 
discovering  obscure  associations  from  disparate  data  sources  —  for  example,  if  someone 
is  bouncing  checks  at  five  different  banks  using  five  different  names  or  identities.  IBM 
plans  to  integrate  SRD’s  operations  into  its  information  management  software  group. 

Minnesota  to  appeal  FGG  VoIP  ruling 

■  The  Minnesota  Public  Utilities  Commission  plans  to  appeal  a  November  decision  by 
the  FCC  prohibiting  states  from  regulating  VoIP  services,  such  as  those  offered  by  Vonage 
Holdings.This  appeal  of  the  FCC’s  ruling  marks  the  second  appeal  by  a  state  public  util¬ 
ities  commission,  after  California  filed  a  petition  for  review  with  the  U.S.  Court  of  Appeals 
for  the  Ninth  Circuit  in  December. The  commission’s  chief  concern  over  the  FCC  ruling 
was  how  VoIP  carriers  would  implement  E911  services  without  state  regulation. 
Commissioners  also  expressed  concern  over  whether  VoIP  providers  would  contribute 
to  the  federal  Universal  Service  Fund,  which  subsidizes  phone  service  in  rural  and  poor 
areas,  and  what  services  VoIP  carriers  would  provide  to  people  with  hearing  loss.  In 
November,  the  FCC  ruled  that  Vonage-style  VoIP  service  should  be  free  from  most  state 
regulation  because  the  service  can’t  practically  be  separated  into  intrastate  and  inter¬ 
state  components. 

FTC  reins  in  Wallace  over  adware 

■  The  Federal  Trade  Commission  last  week  negotiated  an  agreement  with  Sanford 
Wallace  and  his  companies,  SmartBot.net  and  Seismic  Entertainment  Productions,  to 
send  online  ads  only  to  people  who  visit  their  Web  sites  and  to  refrain  from  infecting 
computers  with  adware  until  a  lawsuit  pertaining  to  this  is  resolved  in  federal  court.The 
trial  date  to  settle  the  complaint  brought  by  the  FTC  against  Wallace  and  his  companies 
last  October  has  still  not  been  set. 


2004  Howloif-I  kcud  Development  Company.  I.  P  Intel,  Intel  inside,  the  Intel  Inside  I090  end  Itanium  are 
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Presenting  HP’s  Integrity  servers,  designed  to  keep  your  business  agile  during 
changing  times.  Strong  and  stable,  HP  Integrity  servers  powered  by  reliable 
Intel®  Itanium®  2  Processors  are  built  for  your  most  critical  business  needs. 
Increased  power  and  advanced  management  capabilities  allow  you  to 
optimize,  consolidate  and  integrate  as  your  business  grows.  So  you’ll  always 
be  prepared  for  change,  whether  it’s  big,  small  or  unexpected. 


For  more  information  on  managing  complex  multi-OS  environments  with  HP  Integrity  servers,  visit  hp.com/go/integrityl 
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McData  preps  high-end  storage  switch 


■  BY  DENI  CONNOR 

McData  next  week  is  expected 
to  roll  out  a  long-awaited  direc¬ 
tor-level  switch  that  promises  to 
let  customers  consolidate  stor¬ 
age  resources  without  sacrific¬ 
ing  the  security  and  isolation 
required  by  application  data. 

Although  McData  declined  to 
comment,  the  company  is  ex¬ 
pected  to  introduce  the  Intrepid 
10000  Director,  a  Fibre  Channel 
and  Gigabit  Ethernet  switch  with 
2G-,4G-,and  lOG-bit  connectivity. 
The  switch  is  based  on  technol¬ 
ogy  McData  acquired  when  it 
bought  Sanera  Systems. 

According  to  sources  and  ear¬ 
lier  McData  statements,  the 
multi-protocol  Intrepid  10000 
will  be  able  to  be  partitioned 
into  as  many  as  four  logical 
domains  using  the  company’s 
Virtual  Partitioning  technology. 
Virtual  Partitioning  lets  cus¬ 
tomers  divvy  up  their  storage 
area  network  (SAN)  and  isolate 
a  business  unit’s  applications 
and  data,  while  consolidating 
data  onto  one  device  for  man¬ 
agement  purposes. 

Consolidating  storage 

resources  will  be  a  major  thrust 
of  corporate  users  in  the  next 
year,  says  Stephanie  Balaouras,  a 


senior  analyst  with  The  Yankee 
Group. 

“Customers  plan  to  consoli¬ 
date  smaller  port-count  switches 
into  larger,  high-density  switches 
and  directors,”  Balaouras  says. 
“Higher-port  switches  and  direc¬ 
tors  will  definitely  assist  in  con¬ 
solidation,  easing  some  of  the 
complexity  of  managing  multi¬ 
ple  SAN  islands  and  bridging 
Fibre  Channel  and  IP  networks.” 

The  Intrepid  10000  results  from 
McData’s  $104  million  acquisi¬ 
tion  of  Sanera  in  October  2003. 
At  the  time,  Sanera  was  making 
the  DS10000,  a  multi-protocol 
intelligent  switch  that  was  capa¬ 
ble  of  hosting  storage  applica¬ 
tions  such  as  mirroring,  data 
migration  and  replication. 

The  Intrepid  10000  consists  of 
eight  blades,  each  containing 
four  paddles.  Each  paddle  can 
carry  eight  2G-bit  Fibre  Channel 
or  Fibre  Connection  (FICON) 
ports  or  a  single  lOG-bit  Fibre 
Channel  port.  The  entire  chassis 
can  support  128  4G-bit  ports  or 
256  oversubscribed  ports. 
McData  is  also  expected  to  add 
Internet  Fibre  Channel  Protocol 
(IFCP)  and  iSCSI  routing  into  the 
Intrepid  10000  in  the  next  year. 

All  256  ports  on  the  Intrepid 
10000  are  non-blocking  to  in¬ 


crease  performance  and  acces¬ 
sibility.  The  lOG-bit  capability 
will  be  used  to  create  inter¬ 
switch  links. 

With  the  Intrepid  10000,  data 
can  be  transmitted  over  dis¬ 
tances  of  1,200  miles  at  1G 
bit/sec  throughput,  according  to 
McData’s  earlier  statements.  Mc¬ 
Data’s  Enterprise  Fabric 
Connectivity  Manager  will  man¬ 
age  the  switch. 

The  Intrepid  10000  will  be 
sold  through  the  OEM  channel 
by  companies  such  as  IBM  and 
EMC,  which  are  currently  quali¬ 
fying  it  to  run  with  their 
SAN  gear. 

Plenty  of  competition 

The  Intrepid  10000  will  com¬ 
pete  with  CNT’s  recently  an¬ 
nounced  UltraNet  Multi-Service 
Director,  Cisco’s  MDS  9509  Multi¬ 
layer  Director  and  intelligent 
director-level  switches  from 
start-ups  Maranti  and  Maxxan. 
While  these  other  switches  can 
host  intelligent  applications, 
such  as  replication  and  data 
migration,  the  Intrepid  doesn’t 
currently  perform  those  func¬ 
tions.  According  to  sources, 
future  releases  of  the  product 
will  support  storage  applications 
through  a  bladed  approach, 


■  . 

Intrepid  adventure 

How  McData’s  Intrepid  compares  with  other  switches. 

Vendor/product 

No.  of 
ports 

Protocols  supported 

Brocade  Silkworm  24000 

128 

Fibre  Channel,  FICON 

Cisco  MDS  9509 
Multi-layer  Director 

224 

Fibre  Channel,  iSCSL, 

Fibre  Channel  over  IP 

CNT  UltraNet 
Multi-Service  Director 

256 

Fibre  Channel,  iSCSI,  Fibre 
Channel  over  IP,  Gigabit 
Ethernet,  SONET,  FICON 

Maranti  CoreSTOR 

128 

Fibre  Channel,  iSCSI, 

Gigabit  Ethernet 

Maxxan  MXV  500 

256 

Fibre  Channel,  Fibre  Channel 
over  IP,  Gigabit  Ethernet 

McData  Intrepid  10000 
Director 

256 

Fibre  Channel,  Gigabit 

Ethernet,  FICON 

All  these  switches  support  1G  and  2G  bit/sec  Fibre  Channel. 

using  the  company’s  Sphereon 
4700i  fabric  switch. 

Since  Cisco’s  entry  into  the 
director-level  switch  market  in 
early  September  2003,  the  mar¬ 
ket’s  demographics  have 
changed.  According  to  The 
Yankee  Group,  McData  led  the 
market  with  nearly  47%  in  the 
second  quarter  of  this  year. 
Cisco  has  shown  rapid  growth 
—  the  company  now  leads 
Brocade,  24%  to  23%.CNT  has  a 


Start-up  to  paint  new  switch  picture 


■  BY  TIM  GREENE 

Start-up  Matisse  Networks 
promises  that  by  year-end  it  will 
ship  a  distributed  switch 
designed  to  connect  the  geo¬ 
graphically  dispersed  elements 
of  corporate  data  centers. 

The  company  says  that  its 
equipment  connects  sites  via 
fiber  links  more  efficiently  than 
current  core  switches  operating 
in  tandem  with  dense  wave¬ 
length  division  multiplexing 
devices.  It  says  it  uses  patented 
technology  to  do  so  less  expen¬ 
sively  and  with  fewer  network 
devices  than  conventional 
means. With  a  distributed  switch, 
elements  would  be  geographically  dispersed 
on  a  campus,  for  example,  and  behave  as  one 
switch,  and  also  be  managed  as  one  entity 

The  new  equipment  will  rival  high-band¬ 
width  switch-routers  made  by  Cisco  and 
Extreme  Networks  that  now  are  used  to  con¬ 
nect  sites  for  distributed  data  centers. 

A  hint  about  the  technology  might  lie  in 
the  company  name,  which  comes  from  the 


PROFILE: 


MATISSE  NETWORKS 

Location: 

Mountain  View,  Calif. 

Founder: 

Claude  Hanou,  former  general  manager  ofTerayon’s 
Data  Cable  division. 

Employees: 

45 

Funding: 

$21  million  from  Menlo  Ventures,  Walden 
International  and  Woodside  Fund. 

Product: 

Distributed  multi-protocol  data  center  switch. 

Competitors: 

Cisco,  Extreme,  Nortel 

Fun  fact: 

Company  founders  see  themselves  as  similar  to 
artist  Henri  Matisse  in  breaking  convention  and 
viewing  things  from  a  new  perspective. 

Expressionist  painter  Henri  Matisse.“Matisse 
was  called  the  ‘master  of  color,’”  says  Timon 
Sloane,  the  company’s  vice  president  of 
marketing.“We  are  also  mastering  color  with 
our  innovative  use  of  the  optical  spectrum 
to  deliver  our  distributed  multi-protocol 
switch.” 

Matisse’s  distributed  devices  are  managed 
as  one  switch  that  can  be  thought  of  as  hav¬ 


ing  a  backplane  of  optical  links, 
Sloane  says.  It  can  be  used  as  the 
core  of  a  corporate  data  net¬ 
work,  leaving  existing  infrastruc¬ 
ture  in  place,  says  company  CEO 
Sam  Mathan. 

The  Matisse  switches  are  de¬ 
signed  for  anchoring  networks 
within  buildings,  campuses  and 
metropolitan  areas. 

This  configuration  simplifies 
network  architecture  by  reduc¬ 
ing  the  number  of  individual 
switches  that  connect  sites  that 
comprise  a  distributed  data  cen¬ 
ter,  the  company  says.  This  also 
reduces  capital  expenses 
because  the  gear  costs  less  than 
alternatives,  and  reduces  operat¬ 
ing  expenses  because  there  is  less  adminis¬ 
tration,  the  company  says.  The  company 
would  not  quantify  potential  savings. 
According  to  Mathan,  the  distributed  switch 
also  increases  available  bandwidth  on  each 
fiber,  although  he  declined  to  say  how. 

Matisse’s  switch  will  be  available  in  the  sec¬ 
ond  half  of  2005.  The  company  will  release 
details  this  summer.  ■ 


7.4%  market  share. 

According  to  a  report  from 
Lehman  Brothers,  McData, 
which  has  five  Intrepid  10000 
customers,  is  taking  orders  for 
the  storage  switch.  Pricing  has 
not  been  disclosed. 

McData  also  has  promised  a 
variety  of  other  switch/router 
products  by  mid-2005.  It  is 
expected  to  ship  the  Eclipse 
1640  SAN  router,  which  sup¬ 
ports  the  IFCP  iSCSI,  Fibre 
Channel  and  Gigabit  Ethernet, 
and  several  new  mid-range 
Sphereon  models:  the  24-port 
Sphereon  4710  fabric  switch, 
the  32-port  4700  and  the  16- 
port  4400.  All  the  Sphereon 
switches  will  be  equipped  with 
both  2G  and  4G  bit/sec  Fibre 
Channel  connectivity  and 
FICON  capability.  ■ 


I  Directions 


■  The  test  "Top  spam  fighters 
offer  feature  diversity"  (Dec. 

20,  page  34)  should  have  said 
that  Barracuda  does  support 
SSL  encryption  for  manage¬ 
ment. 

■  In  the  story  "Change  man¬ 
agement  reins  in  SANs"  (Dec. 

120,  page  29),  the  author's 
name  should  have  been  listed  as 
Roy  Alon. 

■  The  story  "Reviewing  our 
2004  predictions”  (Dec.  20, 
page  32)  said  AT&T  sold  off  its 
wireless  business  to  Cingular.  It 
should  have  stated  that  AT&T 
Wireless  was  already  an  inde¬ 
pendent  company. 


Advertisement 


Nokia  One  Business  Server  Nokia  Firewall/VPN  Appliance  6820  Messaging  Device 


R.O.  Ida,  The  CFO 


m  The  queen  was  in  her  counting  house,  counting  all  her  company’s 
■  savings.  More  specifically,  when  we  caught  up  with  R.O.  Ida,  the  chief 
I  F  financial  officer,  she  was  tallying  last  month’s  savings,  the  result  of  a 
”  total  mobility  solution  the  Queen  of  Lean  has  begun  implementing. 

What’s  up  with  that  jar  full  of  old  rings  and  tarnished  coins  on  your ... 

Shhhh!  2,997,  2,998,  2,999,  three  thousand  dollars!  Wow,  right  to  the 
bottom  line.  And  we  haven’t  even  reined  in  all  the  runaway  mobility  expenses 
yet.  Oh,  the  jar....  It’s  stuff  I  found  with  my  metal  detector. 

You’re  smiling,  which  is  odd  for  a  CFO;  are  you  actually  enjoying  yourself? 

It  sure  beats  signing  expense  reports— they’re  what  I  like  to  call  a  salesman’s 
best  shot  at  creative  writing!  But  what  really  gives  me  a  kick  is  saving  money,  and 
that's  what  we’re  doing  here  now  with  our  new  total  mobile  strategy. 

A  strategy  for  all  mobile  services?  Why  not  let  individual  departments 
decide  what’s  best,  or  even  the  individuals  themselves? 

That’s  what  got  us  into  a  big  mess  in  the  first  place.  Until  recently,  we  had 
five  different  mobile  service  providers.  We  had  hardware  from  eight  different 
vendors.  We  had  incompatible  mobile  email  solutions.  It  was  hard  for  us  to 
guarantee  security  with  such  a  rat’s  nest.  And  man,  was  it  expensive.  Tell  you  the 
truth,  we  had  a  really  hard  time  just  tracking  the  expense.  To  people  like  me, 
that’s  like  not  knowing  the  day  of  the  week. 

So  what  did  you  do? 

I  was  complaining  about  this  to  a  friend  while  we  were  window  shopping, 
and  she  said,  "Call  Nokia.”  So  I  did.  It  wasn’t  just  a  business  query— it  was  an 
S.O.S.,  because  we  were  spending  a  third  of  our  IT  budget  on  mobility.  After 
routine  IT  maintenance,  we  were  left  with  zippo  for  strategic  development. 
It  was  like  throwing  good  money  into  a  parking  meter— there  was  just  no 
return. 


What  did  Nokia  do  for  you? 

For  starters,  they  helped  us  develop  a  total  mobile  connectivity  solution, 
with  uniform  high-speed  remote  access  to  give  our  road  warriors  the  info  they 
need  no  matter  where  they  are,  and  quickly.  They  layered  in  just  the  right 
amount  of  security,  including  a  secure  VPN.  And  they  gave  our  administrators 
real  easy-to-use  tools  to  assign  access  privileges  based  on  user  identity.  This  was 
our  foundation. 

Then  what? 

Slowly  but  surely,  we  developed  a  plan  with  Nokia  to  get  rid  of  a  lot  of  the 
incompatible,  clunky  mobile  hardware  and  replace  it  with  intelligent  Nokia 
devices.  They  are  built  to  work  seamlessly  together,  which  means  fewer  calls 
in  the  middle  of  the  night  from  far-flung  corners  of  the  globe  to  our  help 
desk.  And  less  help-desk  expense.  With  their  guidance,  our  mobile  workers 
get  just  what  they  need,  but  no  more.  I  like  that.  Now  we  inventory  all  new 
devices,  and  maintenance  and  replacement  schedules  are  predictable.  I  really 
like  that. 

Anything  else? 

You  bet.  Everyone  knows  the  killer  app  today  is  email.  It’s  the  lifeblood  for  our 
mobile  workers.  Nokia  worked  with  us  to  provide  a  uniform,  simple,  and  highly 
reliable  mobile  email  solution  that  has  saved  us  big  bucks.  They  helped  us 
fine-tune  the  solution  to  the  different  devices  our  IT  guys  deploy,  because  some 
road  warriors  like  to  use  their  PDAs  for  mail,  others  like  their  laptops,  and  still 
others  prefer  their  smart  phones.  Me— I  just  love  the  dollar  savings  that  come 
from  a  single,  predictable,  and  reliable  mobile  email  solution. 

( 

Sounds  like  Nokia  helped  you  find  a  key  to  the  efficiency  kingdom. 

Yeah,  and  I  didn’t  have  to  use  my  metal  detector  to  find  it.  Now,  if  you’ll 
excuse  me,  it’s  lunch  time  and  I’d  like  to  balance  my  checkbook.  By  the  way,  the 
time’s  out  on  your  parking  meter. 


a  Interviewer  Bill  Laberis  was  editor-in-chief  of  Computerworld  for  ten  years  (1986-1996).  He  is  president  of  Bill  Laberis  Associates,  a  custom 

publishing  and  content  company  (www.laberis.com).  His  columns,  Webcasts,  supplements  and  magazines  are  well-known  and  respected 
throughout  the  high-tech  industry. 


Learn  how  to  mobilize  your  team  and  increase  business  productivity. 
Download  “The  Anytime,  Anyplace  World”  white  paper. 
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continued  from  page  1 

acquirer  is  Computer  Associates, 
he  says.  One  of  BEAs  assets  is  its 
WebLogic  enterprise  service 
bus.  “CA  could  use  that  to 
link  all  of  Unicenter  together,” 
Dzubeck  says. 

While  it  didn’t  nab  SAB  Micro¬ 
soft  is  expected  to  make  some 
move  to  acquire  middleware 
technology.  “The  leverage  within 
the  enterprise  is  moving  up  the 
stack,  closer  to  the  business  pro¬ 
cess,”  Gens  says.  “Microsoft  needs 
to  strengthen  its  position.  We’re 
not  going  to  speculate  as  to  who 
they  will  buy  Certainly  that  com¬ 
munity  of  application  vendors 
and  some  of  the  integration  plat¬ 
form  vendors  is  where  we  believe 
Microsoft  will  target.” 

Cisco,  too,  will  add  to  the  acqui¬ 
sition  frenzy  The  company  has 
historically  been  an  acquisition 
ace,  building  its  router, switch  sec¬ 
urity  and  VoIP  business  lines  on 
acquired  companies’  technology 
Last  year  it  used  acquisitions  to 
enter  new  markets,  such  as  wide- 
area  storage  management,  and  to 
augment  its  existing  technolo¬ 
gies.  By  year-end,  Cisco  had  an¬ 
nounced  12  acquisitions  worth 
more  than  $700  million.  Expect  at 
least  as  many  deals  in  2005. 

Awake  at  night 

Security  continues  to  dominate 
IT  mindshare  —  and  the  emer¬ 
gence  of  wireless  protocol  ex¬ 
ploits  will  do  little  to  quell  that. 
Mikko  Hypponen,  director  of  anti¬ 
virus  research  at  F-Secure,  sug¬ 
gests  this  frightening  scenario:  A 
wireless-enabled  laptop  infects 
other  wireless  devices  simply 
through  their  proximity  to  the 
infected  machine.. 

The  possibility  of  that  happen¬ 
ing  is  real,  he  says. “The  fact  that 
computers  are  listening  to  over- 
the-air  traffic  means  they  are,  at 
least  in  theory,  vulnerable  to  pro¬ 
tocol  exploits,  which  would  be 
able  to  infect  them  just  because 
they  are  too  close  to  an  infected 
computer,”  Hypponen  says.^ 
“Sooner  or  later  —  if  not  in  2005, 
maybe  in  2006  —  we  will  see  ex¬ 
ploits  using  these  wireless  con¬ 
nections.” 

Even  if  a  user  has  a  firewall  or 
VPN  to  secure  the  wireless  con¬ 
nection,  the  computer  still  is  lis¬ 
tening  to  the  radio  waves,  he  says. 
“The  more  I  think  about  it,  the 
more  I’m  worried  about  it,”  Hyp¬ 
ponen  says. 

Uncrackable  viruses  also  could 
be  on  the  horizon. Authorities  put 
up  their  best  numbers  yet  in  2004 
with  respect  to  arresting  virus 


writers, but  unfortunately  the  peo¬ 
ple  they’re  catching  are  hobbyists 
and  teenagers,  Hypponen  says. 
The  biggest  threats  come  from 
professionals  who  are  beefing  up 
their  arsenals. 

“Since  the  first  PC  viruses  came 
18  years  ago,  so  far  we’ve  been 
able  to  crack  every  single  vims. 
But  that  could  change,”  Hypponen 
says.  “Our  enemy  is  professional 
and  is  actually  investing  money  in 
the  development  of  their  attack 
tools  and  their  viruses.” 

Another  issue  that  keeps  enter¬ 
prise  IT  executives  up  at  night  is 
compliance  with  regulatory  initia¬ 
tives.  In  particular,  the  Sarbanes- 
Oxley  Act  of  2002,  intended  to 
deter  fraud  and  protect  investors 
by  establishing  more  stringent 
standards  for  corporate  gover¬ 
nance,^  commanding  an  increas¬ 
ing  share  of  IT  resources. 

Spending  on  compliance  with 
the  Sarbanes-Oxley  Act  will  reach 
$6.1  billion  in  2005,  according  to 
AMR  Research.  A  healthy  chunk 
of  money  spent  —  $1.71  billion, 
or  28%  —  will  go  to  technology 
However,  the  primary  resource 
consumer  is  personnel:  Internal 
head-count  costs  will  total  $2.08 
billion,  or  42%  of  compliance 
spending,  AMR  says. 

Regulatory  and  compliance 
concerns,  combined  with  contin¬ 
ued  mergers  and  acquisitions  this 
year  by  large  corporations  requir¬ 
ing  identity  integration,  will  keep 


identity  management  top  of 
mind, says  Earl  Perkins,  vice  presi¬ 
dent  of  security  and  risk  strategies 
at  Meta  Group.  What  remains  to 
be  seen  is  how  corporations 
attack  identity  management  — 
from  a  traditional  top-down  provi¬ 
sioning  and  workflow  stance,  or 
via  federation.The  concept  of  fed¬ 
erated  identity  calls  for  users  to 
authenticate  themselves  to  their 
local  network  and  then  pass  that 
authentication  to  partners  for 
access  to  services  or  data  on  the 
partner’s  network. 

“Federation  is  just  catching  its 
breath  and  merging  with  Web 
services  security  and  starting  to 
appear  in  some  early  key  imple¬ 
mentations,”  Perkins  says. 

Toys  for  the  data  center 

Consolidation  has  been  the  ral¬ 
lying  cry  in  data  centers  for  a  few 
years,  and  2005  will  be  no  differ¬ 
ent. 

Look  for  switches  to  become 
multifunctional,  with  LAN 
switches  handling  more  network 
services  roles  such  as  IDS  and 
firewalls,  for  example.  One  big  dri¬ 
ver  is  to  reduce  the  number  of 
boxes  network  administrators 
have  to  handle.  That  also  will 
result  in  smarter  switches  that  can 
pass  information  back  and  forth 
with  servers,  keeping  track  of 
application  availability,  for 
instance.  Also  watch  for  more  10G 
Ethernet  switches  to  be  deployed 


in  the  LAN  core  as  servers 
become  more  powerful  and 
enterprise  data  center  managers 
look  for  ways  to  transport  data 
more  quickly 

The  blade  market  will  continue 
to  heat  up.  Dell  re-entered  the 
market  in  November,  and  analysts 
expect  that  to  help  push  prices 
down  across  the  low  end  of  the 
server  market. 

“Most  vendors  have  come  out 
with  lower-cost  blades,  industry- 
standard,  less  fancy  blades  aimed 
at  the  lower  end  of  the  market. . . . 
This  could  be  the  year  where 
there  are  a  lot  of  products  like 
that  in  the  pipeline,”  says  Charles 
King,  principal  analyst  with  Pund- 
IT  Research.  IDC  expects  the 
blade  server  market  to  top  $1  bil¬ 
lion  in  2004  and  be  more  than  $2 
billion  in  2005. 

Overall,  the  downward  pricing 
pressure  will  continue  across 
the  server  market  as  commodity 
servers  take  on  more  powerful 
roles  through  clustering  and 
virtualization. 

Indeed,  the  server  virtualization 
market  will  see  strong  growth  in 
2005  as  IT  managers  look  for 
ways  to  get  more  out  of  existing 
resources.  Microsoft  has  entered 
the  market  with  Virtual  Server 
2005,  which  should  help  drive  the 
technology  mainstream.  VMware, 
an  EMC  company,  dominates  the 
market,  and  analysts  expect  it  to 
keep  that  lead.  IDC  predicts  the 


virtual  machine  software  market 
will  increase  15%  next  year,  and 
expects  a  number  of  start-ups  and 
veteran  companies  to  come  out 
with  technology  to  virtualize 
applications  across  servers. 

On  the  processor  front,  Ad¬ 
vanced  Micro  Devices  took  the 
early  lead  with  its  32-/64-bit  Op- 
teron  chip  and  will  again  be  out 
in  front  when  it  comes  to  dual¬ 
core  x86  processors.  AMD  says  it 
will  release  a  dual-core  Opteron 
in  2005,  but  Intel  has  pulled  back 
on  plans  to  release  a  dual-core 
Xeon  this  year.  While  enterprise 
users  can  expect  to  see  dual-core 
Itanium-based  systems  by  year- 
end,  dual-core  Xeons  won’t  ship 
until  2006. 

For  the  best  of  both  worlds, 
servers  based  on  32-/64-bit  chips 
will  continue  to  make  headway 
Opteron-based  systems  will  be 
sold  running  primarily  Linux 
for  high-performance  computing, 
while  Intel’s  EM64T  will  establish 
itself  as  a  Windows  platform  in 
existing  32-bit  environments,  ana¬ 
lysts  say  That  is  helping  give  Intel 
an  edge  in  the  32-/64-bit  world, 
where  60,000  EM64T-based  serv¬ 
ers  were  shipped  in  the  third 
quarter  of  2004,  compared  with 
54,000  Opteron-based  systems. 

But  all  this  innovation  is  not 
without  its  penalties.  Virtualiza¬ 
tion,  capacity  on  demand,  multi¬ 
core  processors  and  other  server 
See  Future,  page  12 


I  Another  year  for  moderate  spending 


It  will  be  more  of  the  same  in  2005, 
according  to  market  research  firms, 
which  forecast  IT  spending  to  grow 
between  6%  and  9%  over  2004  budgets. 

That  means  IT  buyers  will  continue  to  keep 
a  close  watch  on  their  IT  dollars,  and  in¬ 
crease  spending  only  sparingly  in  key  areas. 

Separately,  Forrester  Research,  Gartner 
and  IDC  announced  their  predictions  on 
how  many  IT  dollars  will  be  doled  out  for 
new  technology  in  2005,  Each  group  re¬ 
ported  that  corporate  IT  purse  strings 
won’t  get  much  looser  in  the  coming 
months.  But  the  news  remains  positive  as 
even  a  moderate  increase  bodes  better 
than  flat  budgets,  or  plans  for  more  cuts. 

“IT  executives  . . .  painted  a  picture  of 
increasing  optimism  for  budget  outlays  for 
IT  products  and  services  in  2005,”  says 
Brian  Smith,  an  analyst  at  Gartner 
Research.  “A  net  of  57%  more  budgets  will 
head  upward  than  downward." 

Forrester  determined  spending  could 
increase  about  7%,  and  Gartner,  with  the 
most  optimistic  forecast,  polled  500  IT  exec¬ 
utives  in  December,  and  found  budgets 
could  increase  by  9%  overall.  Yet  IDC  fore¬ 


casts  a  smaller  increase  of  6%  —  or  about 
$60  billion  in  new  IT  dollars  to  be  spent. 

"We  expect  there  to  be  a  little  more  than 
$1  trillion  spent  on  IT  in  2005,  which  repre¬ 
sents  very  modest  growth,"  says  Frank 
Gens,  senior  vice  president  of  research  at 
IDC.  “It’s  a  slow  economic  recovery,  and  it’s 
keeping  a  bit  of  a  lid  on  the  industry,  making 
IT  a  buyer’s  market  for  another  year." 

Forrester  attributes  modest  growth,  which 
it  expects  will  continue  through  2008,  to  a 
natural  technology  adoption  rate  among  IT 
buyers.  It  says,  until  2000  or  so,  companies 
were  buying  new  technology  wares  hand 
over  fist.  Now  companies  need  to  digest. 

"The  tech  economy  will  keep  chugging 
away  like  this  until  the  next  big  period  of 
new  investments  arises,"  says  Andrew 
Bartels,  a  vice  president  with  Forrester. 

"The  7%  growth  rate  is  about  in  line  with 
the  overall  economy.  We  are  not  in  a  tech 
recession,  but  we  won’t  see  double-digit 
increases  for  a  few  years  yet.” 

Among  the  new  technologies  expected  to 
garner  the  lion's  share  of  cash  are  infra¬ 
structure  software  —  specifically  security 
wares  such  as  identity  management  prod¬ 


ucts  —  smart  handheld  devices,  PCs,  net¬ 
work  equipment  and  application  software. 
IDC  says  each  market  will  see  about  $5  bil¬ 
lion  to  $6  billion  in  new  dollars  in  2005. 

Forrester's  findings  parrot  IDC’s  numbers. 
According  to  Bartels,  security  software  will 
see  a  12%  growth  within  the  overall  soft¬ 
ware  group,  which  will  increase  in  line  with 
the  average  7%. 

On  the  negative  side,  while  demand  for 
routers,  switches  and  network  security 
devices  "kicked  into  high  gear"  in  2004  with 
a  14%  increase  over  2003,  the  coming  year 
doesn't  bode  well,  according  to  Forrester. 
"The  financial  struggles  of  telcos  will  lead 
to  cutbacks  in  their  own  IT  investments  in 
2005,  causing  overall  growth  in  new  invest¬ 
ments  to  shrink  to  only  4%,”  Bartels  says. 

—  Denise  Dubie 
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architectures  that  give  boxes 
more  processing  power  and  flexi¬ 
bility  have  forced  software  ven¬ 
dors  to  take  a  closer  look  at  how 
they  license  their  applications. 

Oracle,  IBM  and  Sybase  say  they 
will  consider  each  core  a  CPU  for 
licensing  purposes,  but  analysts 
note  that  two  cores  on  a  die 
might  not  necessarily  mean  dou¬ 
ble  the  performance.  Microsoft  is 
alone  in  saying  that  it  will  charge 
strictly  per  CPU,  regardless  of  the 
number  of  cores.  Gartner  predicts 
companies  that  license  by  CPU 
could  see  software  costs  increase 
by  50%  or  more  by  year-end  if 
they  don’t  press  software  vendors 
for  changes  in  pricing  and  licens¬ 
ing  policies. 

One  licensing  approach  that’s 
gotten  a  lot  of  lip  service  will  con¬ 
tinue  to  disappoint:  utility-based 
software  pricing. 

Lots  of  vendors  talk  about  soft¬ 
ware  being  doled  out  and  sold 
like  a  utility  But  it’s  not  a  reality 
yet,  according  to  Gartner.  What’s 
available  today  from  software 
vendors  promoting  “utility- 
based”  pricing  models  are  sim¬ 
ply  billing  variations  on  tradi¬ 
tional  licensing  models. 

Charging  companies  by  the  seat 
for  software  is  like  utility  compa¬ 
nies  charging  customers  accord¬ 
ing  to  the  number  of  light  bulbs 
and  appliances  in  place  in  a 
home,  rather  than  by  how  much 
power  is  actually  consumed,  the 
research  firm  says.  Through  2006, 
no  enterprise  application  vendor 
or  application  service  provider 
will  offer  a  true  utility-based  pric¬ 
ing  model,  Gartner  says. 

Software  trends 

Linux  will  continue  to  be  the 
fastest-growing  server  operating 
system.  While  Windows  holds 
on  to  its  dominant  position, 
Linux  is  expected  to  account 
for  about  20%  of  volume  server 
shipments  in  2005,  up  from 
about  18%  of  the  market  in  the 
third  quarter  of  2004. 

“That’s  more  than  twice  the  rate 
of  growth  of  Windows  and  still 
less  than  a  third  of  Windows’ share 
in  volume,  but  it’s  into  a  very 
interesting  level,”  IDC’s  Gens  says. 

More  large  enterprise  users, 
such  as  the  Department  of  De¬ 
fense,  look  favorably  on  Linux, 
and  analysts  expect  that  to  ex¬ 
pand  in  2005,  with  users  bringing 
in  commercial  Linux  distribu¬ 
tions.  “The  romantic  image  of 
people  buying  into  open  source 
because  they  don’t  want  to  pay  a 
lot  of  money  is  a  bunch  of  hog- 
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Going  it  alone 

Network  quarantines 

After-the-fact  intrusion  detection 
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Spyware,  phishing 

Privacy 

Storage,  server  virtualization 
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Multifunction  LAN  switches 
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Open  source 

Paying  full  price  for  commercial  apps 

ITIL 

Six  Sigma 

Offshore  outsourcers 

Systems  integrators 

Pay-per-use  apps 

Shelfware 

Blade  servers 

Big  boxes 

Multi-core  chips 

Hot-running  processors 

wash, and,  in  fact, there  are  a  lot  of 
other  reasons  why  people  are 
moving  toward  open  source,” 
Gens  says. 

Meanwhile,  2005  is  expected  to 
be  the  year  that  open  source 
makes  a  big  move  beyond  infra¬ 
structure  services  such  as  file  and 
print.  The  adoption  of  open 
source  databases  such  as  MySQL 
and  open  source  application 
servers  such  as  JBoss  will  be  on 
the  rise  as  enterprise  users  get 
more  comfortable  with  Linux 
moving  up  the  stack. 

Outside  the  open  source 
camp,  Microsoft  isn’t  resting  on 
its  laurels. 

Microsoft  will  continue  its 
heavy  focus  on  security  in  2005, 
because  the  company  still  needs 
to  prove  to  the  market  it  can  get  it 
right.  First  up  will  be  the  delivery 
of  patch  management  help  that  is 
critical  to  proving  Microsoft  can 
provide  competent  tools  to  con¬ 
trol  its  own  platform. 

Key  software  for  corporate  cus¬ 
tomers  that  Microsoft  plans  to 
deliver  in  2005  includes 
Windows  Server  Update  (code- 
named  R2),  even  though  some 
key  features  have  been  stripped 
out;  versions  of  Windows  Server 
and  XP  for  processors  that  sup¬ 
port  64-bit  extensions;  and  the 
first  betas  of  Microsoft’s 
Longhorn  client  and  server. 

New  and  old 

The  offshore  outsourcing  trend 
isn’t  going  away.  Onshore  provi¬ 
ders  such  as  IBM  Global 
Services,  Capgemini,  Accenture 
and  HP  are  increasing  their  off¬ 
shore  presence,  and  the  services 
offshore  firms  provide  are 
becoming  increasingly  com¬ 
plex,  moving  into  areas  such  as 
CRM,  call  centers,  and  remote 
infrastructure  and  application 
management. 


Companies  in  growing  num¬ 
bers  will  look  to  offshore  IT  ser¬ 
vice  providers  in  2005  as  a  way  to 
cut  costs.  However,  the  offshore 
backlash  will  continue:  Accord¬ 
ing  to  Gartner,  through  2006,  half 
of  U.S.  companies  planning  off¬ 
shore  outsourcing  will  experi¬ 
ence  friction  from  the  public-pol¬ 
icy  arena  in  making  and  execut¬ 
ing  their  decisions. 

Meanwhile,  2005  could  be  the 
year  for  VoIP  Companies  such  as 
Ford  Motor,  Boeing  and  Bank  of 
America  are  testing  the  VoIP 
waters,  and  analysts  expect 
more  enterprise  users  to  follow 
suit. “VoIP  will  go  mainstream,  at 
least  in  the  enterprise,”  IDC’s 
Gens  says. 

Some  of  the  year’s  big  trends 
come  from  new  interest  in  old 
technologies,  such  as  the  IT  In¬ 
frastructure  Library  (ITIL). 

This  could  be  the  year  the  ITIL 
framework  goes  mainstream  in 
the  U.S.,  analysts  say  ITIL  is  a  set 
of  management  best  practices 
that  help  network  managers  set 
processes  and  better  document 
IT  actions  for  future  audits,  such 
as  those  related  to  new  regulato¬ 
ry  legislation.  “After  nearly  two 
decades  of  slow  growth  adop¬ 
tion,  it  looks  as  if  ITIL  may  expe¬ 
rience  its  big  breakthrough”  in 
the  U.S.  in  2005,  says  Rich  Ptak,a 
principal  at  Ptak,  Noel  & 
Associates. 

All  eyes  also  are  on  the  use  of 
radio  frequency  identification 
(RFID)  technology  Around  fora 
half-century,  RFID  is  finding  a 
place  in  supply-chain  infrastruc¬ 
tures,  fueled  by  some  big-name 
backers.  Wal-Mart’s  well-docu¬ 
mented  RFID  pilot  kicks  off  this 
month,  with  137  suppliers  due  to 
start  tagging  cases  and  palettes 
of  goods  destined  for  the  retail¬ 
er’s  three  designated  distribu¬ 
tion  centers.  ■ 


than  2004,  down  from  30%  growth  in  2003.  Saturation  is  rearing  its 
ugly  head.  The  cell  phone  is  the  new  display  device.  Don’t  you 
want  a  GPS  phone  with  a  built-in  Palm/camera  and  iPod?  Of 
course  you  do! 

4.  The  Internet  is  back  . . .  not  like  2000,  but  some  of  those  ideas  are 
cooking.The  Internet  is  still  a  revolutionary  technology  and  now  that 
the  worst  ideas  have  been  shaken  out,  it’s  on  the  move. 

5.  Application  service  providers  —  like  Salesforce.com  —  will  re- 
emerge.  Everyone  wants  to  buy  by  the  drink;  no  one  wants  to  own  the 
bar.  Lots  of  start-ups.The  pricing  model  destroys  the  economics  of  the 
older  line  firms,  but  it’s  the  way  companies  really  want  to  buy. 

6.  IPOs  start  warm  and  then  get  hot.There  are  too  many  companies 
that  need  to  raise  money  and  that  have  a  track  record  to  prove  it.  No 
Googles  but  no  Pets.com,  either.  These  fledgling  IPOs  are  backed  up 
like  airplanes  on  a  rainy  Friday  afternoon  at  LaGuardia. 

7.  Storage  is  up  —  isn’t  it  always?  No  corporation  will  throw  away 
any  data  —  ever.  The  problem  is  that  the  price  of  storage  is  down. 
Gotta  love  EMC. 

8.  Tech  spending  by  big  companies  will  be  up  4%  or  maybe  5%  — 
about  half  the  growth  of  the  economy.  The  trouble  is,  every  firm  has 
forecasted  a  10%  increase  in  market  share.  IBM  grows  in  single  digits. 

9.  Texas  Instruments  will  continue  to  kick  butt 
with  its  Display  Systems  Protocol  chips  in  cell 
phones  and  its  digital  light  processing  chips  in 
large  TVs.  You  are  about  to  enter  the  world  of 
high  definition,  and  size  does  matter. 

10.  Exports  are  up  and  imports  are  down  as  the 
U.S.  dollar  continues  to  get  beaten  up.  Which  is 
good.  Everyone  wonders  when  the  Chinese  will 

devalue,  but  it  really  doesn’t  matter.  Everything  is  getting  built  in 
China. 

11.  Japan,  which  looked  like  it  was  coming  out  of  its  slump,  goes 
back  into  it.  They  are  1  for  20  —  20  being  the  last  20  years.  Amazing 
that  they  haven’t  figured  it  out  yet. 

12.  China  is  on  everyone’s  mind.  It  dominates  the  low  end  of  tech¬ 
nology  and  threatens  the  high  end.  Everyone  predicted  the  former 
and  no  one  the  latter,  and  it’s  the  latter  that  has  everyone  scared  out 
of  their  minds. 

13.  Backlash  coming  on  outsourcing  but  not  enough  to  stop  it  in  its 
tracks.  The  price  advantage  of  India  dissipates  as  India  explores  re¬ 
outsourcing  to  China. 

14.  Cisco  struggles  at  the  high  end  vs.  Juniper  as  telcos  want  big- 
muscle  machines.  Cisco  holds  its  share  in  the  corporate  world  but  no 
longer  grows  at  40%  per  year.  Makes  lots  of  little  acquisitions. 

15.  Corporations  continue  to  be  skinflints,  not  because  they  don’t 
have  the  money  (they  do), but  because  they  don’t  see  the  payoff. They 
are  still  intent  on  driving  down  the  cost  per  transaction.  Big  software 
companies  such  as  Oracle  and  Computer  Associates  have  a  hard  time. 

16.  HP  struggles  more  than  most,  and  calls  are  made  for  CEO  Carly 
Fiorina’s  head. 

17.  There  is  no  New  Big  Thing  this  year. 

18.  The  digital  home  is  one  of  the  few  bright  spots. 

19.  Linux  continues  to  go  mainstream  —  everyone  says  they  are 
onboard. The  open  source  movement  becomes  a  love-in. 

20.  VoIP  is  a  given  everywhere  but  on  Mahogany  Row. 

21.  Blade  servers  are  everywhere  —  and  they  are  based  on  open 
source.Take  that,  Sun! 

22.  The  Sarbanes-Oxley  Act  is  almost  but  not  quite  the  spending  dri¬ 
ver  that  Y2K  was.  Beneficiaries:  SARMercury  Interactive,  Symantec. 

23.  ERP  and  CRM  are  dead,  and  there  is  nothing  hot  to  replace 
them. 

24.  “Excess  capacity”  becomes  a  dirty  phrase;  IT  people  want  “just- 
in-time”  capacity. 

25.  Cell  phone  safety  becomes  an  issue  as  more  than  a  few  sponta¬ 
neously  ignite. 

Anderson  is  senior  managing  director  of  YankeeTek  Ventures,  a 
Cambridge,  Mass. ,  venture  capital  fund  for  early-stage  technology  com¬ 
panies.  He  is  also  founder  of  The  Yankee  Group  and  the  William  Porter 
Distinguished  Lecturer  at  the  Massachusetts  Institute  of  Technology.  He 
can  be  reached  at  handerson@yankee  tek.com. 
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‘Super  3G’  standard 
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Current  and  emerging  options  for  high-speed  wireless. 
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Speed 

Status 

UMTS 

Up  to  384K  bit/sec  (burst) 

Available 

OFDM 

Up  to  1.5M  bit/sec 

Available 

EV-DO 

Up  to  2.4M  bit/sec  (burst) 

Available 

HSDPA 

Up  to  14.4M  bit/sec 

In  trials 

4G 

Up  to  300M  bit/sec 

In  trials 

■  BY  ANN  BEDNARZ 

Dave  Barnes  learned  a  lot  about 
how  UPS  operates  in  his  ascent 
from  part-time  package  handler 
to  senior  vice  presi¬ 
dent  and  CIO.  He 
joined  the  Atlanta 
company  in  1977  as 
a  college  student 
and  last  week  was 
elevated  to  the  com¬ 
pany’s  highest  tech¬ 
nology  position. 

In  between,  Barnes 
held  multiple  posi¬ 
tions  in  the  U.S.  and 
abroad,  including 
stints  in  operations, 
finance,  internal 
audit  and  at  UPS 
Airlines.  Most  recently  he  was 
vice  president  of  customer  and 
operations  application  portfolios, 
charged  with  coordinating  global 
application  development  and 
overseeing  the  direction  of  3,000 
of  UPS’ 4,700  IT  workers. 

Working  in  different  depart¬ 
ments  at  UPS  has  given  Barnes 
business  knowledge  that’s  key  to 
being  a  successful  CIO,  he  says. 

As  CIO,  Barnes  will  have  say-so 
over  the  company’s  $1  billion  IT 
budget  and  an  opportunity  to 
help  set  corporate  strategy  as  a 
member  of  the  UPS  Management 
Committee,  which  directs  its  day- 
to-day  management. 

Improving  operations  requires 
an  attitude  of  “constructive  dis¬ 
satisfaction,”  he  says.  “We’re  a 
good  company  with  market¬ 
leading  processes.  But  there  are 
always  ways  to  make  it  better.The 
key  to  that  is  to  be  constructively 
dissatisfied.” 

Security  continues  to  be  a  prior¬ 
ity  for  UPS.  Barnes  bears  the 
weight  of  the  typical  IT  security 
issues  posed  by  viruses  and  other 
threats.  Physical  security  of  build¬ 
ings  and  vehicles  also  is  becom¬ 
ing  more  critical  to  IT,  as  these 
resources  play  more  important 
roles  in  synchronizing  global 
commerce,  he  says. 

“The  movement  of  goods  and 
the  movement  of  information  are 
really  tied  together. You  can’t  have 
one  without  the  other  in  today’s 
environment,”  Barnes  says. 

One  of  the  company’s  current 
challenges  is  to  continually  im¬ 
prove  a  system  for  tracking  goods 
that’s  flexible  and  comprehensive 
enough  to  support  multiple  tech¬ 


nologies.  For  example,  UPS  de¬ 
pends  on  bar-code  scanning  sys¬ 
tems  built  for  the  familiar  hand¬ 
held  unit  UPS  drivers  carry,  called 
Delivery  Information  Acquisition 
Device  (DIAD).  It’s 
also  been  piloting 
radio  frequency  id¬ 
entification  (RFID) 
technology  for  track¬ 
ing  goods  at  the  case 
and  palette  level 
throughout  the  sup¬ 
ply  chain. 

“The  movement  of 
goods  through  the 
supply  chain  can  be 
captured  by  a  com¬ 
bination  of  technolo¬ 
gies.  It  might  be 
RFID,  it  might  be 
delivery  information  from  the 
DIAD,  it  might  be  bar-code  scan¬ 
ners,”  Barnes  says.  In  order  to  have 
that  information  flowing,  you 
have  to  have  secure  systems.” 

Barnes  succeeds  Ken  Lacy, 
who  is  retiring  after  37  years 
with  UPS.  ■ 


■  BY  JIM  DUFFY 

The  3G  Partnership  Project  —  a 
consortium  of  200  wireless  ven¬ 
dors  and  operators  —  has  begun 
a  study  to  determine  the  feasibil¬ 
ity  of  defining  a  standard  that 
supports  wireless  downlink 
speeds  as  high  as  100M  bit/sec. 

For  users,  the  technology  prom¬ 
ises  greater  bandwidth  for  sup¬ 
port  of  new  and  emerging  wire¬ 
less  applications  and  services.  For 
service  providers,  it  could  intro¬ 
duce  radio  spectrum  efficiencies 
and  herald  a  new  wave  of  rev¬ 
enue-generating  services. 

At  its  December  2004  meeting 
in  Athens,  the  group  agreed  to 
“undertake  a  study  on  the  longer 
term  evolution  of  the  [3G]  radio 
interface,”  a  3GPP  spokesman 
says.The  study  will  be  conducted 
by  the  3GPP’s  Radio  Access 
Network  (RAN)  working  group, 
which  expects  to  complete  its 
investigation  in  June  2006. 

Specifications  for  this  “Super 
3G”  standard  might  be  ready  by 


June  2007,  according  to  the  3GPP 
spokesman. 

Although  the  proposal  for  the 
study  was  authored  by  26  firms 
within  the  3GPP  —  including 
NTT  DoCoMo,  Alcatel,  Cingular 
Wireless,  Ericsson,  Lucent,  Motor¬ 
ola,  Nokia,  Nortel,  Qualcomm, 
Siemens,  T-Mobile  and  Vodafone 
—  the  work  will  include  all  200 
members  of  the  3GPPthe  spokes¬ 
man  says. 

The  project  follows  up  a  3GPP 
RAN  Longterm  Evolution  Work¬ 
shop  that  took  place  jn  Toronto 
last  November.The  work,  does  not 
specify  any  particular  technolo¬ 


gies — such  as  High-speed  Down¬ 
link  Packet  Access  (HSDPA), 
Evolution-Data  Only  (EV-DO), 
Universal  Mobile  Telecommun¬ 
ications  System  (UMTS)  or  Ortho¬ 
gonal  Frequency  Division  Multi¬ 
plexing  (OFDM)  —  but  indicates 
a  need  for  identifying  methods 
for  greater  bandwidth  that  maxi¬ 
mize  the  use  of  the  radio  spec¬ 
trum,  and  offer  increased  flexibil¬ 
ity  for  the  delivery  of  future  ser¬ 
vices,  the  spokesman  says. 

The  study’s  task  is  to  define  the 
relevant  technologies,  spectrum 
requirements  and  other  issues  — 
and  then  to  launch  the  standard¬ 
ization  activity  he  says. 

Currently,  3G  technologies,  such 
as  EV-DO  and  UMTS,  offer  speeds 
of  up  to  2.4M  and  384K  bit/sec, 
respectively  Both  are  based  on 
Code  Division  Multiple  Access 
technology 

OFDM  provides  download 
speeds  between  1M  and 
1.5M  bit/sec,  and  upload  speeds 
between  300K  and  500K  bit/sec. 
HSDPA,  which  is  being  trialed  by 
Cingular  and  other  operators,  of¬ 
fers  data  rates  up  to  14.4M  bit/sec. 

With  these  available  options 
and  work  underway  to  define 
fourth-generation  (4G)  wireless 
standards,  some  analysts  ques¬ 
tion  the  need  for  Super  3G.  The 
all-IP-based  4G,  which  NTT 
DoCoMo  has  tested  since  1998,  is 
said  to  reach  speeds  of  100M  to 
300M  bit/sec.  It’s  considered  by 
some  —  like  India’s  IT  and  com¬ 
munications  ministry  —  to  be  a 
more  cost-effective  high-speed 
alternative  to  3G. 

“There  are  a  number  of  stan¬ 
dards  already  out  there  —  and 
being  formed  at  the  present  time 
—  to  define  4G,”says  Larry  Swasey 
a  senior  analyst  at  Visant  Strat- 
egies.“It  seems,  at  least  for  the  next 
four  or  five  years,  the  plate’s  set: 
You  know  what  you  need,  you 
know  what  you’re  going  to  use.  So 
Super  3G  isn’t  really  relevant  until 
someone  shows  a  market  need.”B 


NT  holdouts  paying  a  price 


■  BY  JOHN  FONTANA 

Although  Microsoft  last  month  offered  users  what 
appeared  to  be  an  olive  branch  by  extending  fee- 
based  custom  support  for  NT  through  2006,  the  ser¬ 
vice’s  flat-rate  pricing  instead  reinforces  to  many  a 
curt  message:  Get  off  NT. 

Some  users  have  reported  price  quotes  on  custom 
support  for  NT  as  high  as  $250,000  for  six  months. 
Microsoft  didn’t  disclose  its  flat-fee  pricing  when  it 
extended  the  custom  support  program. 

“I  thought  the  quote  Microsoft  gave  us  was  quite 
insane,”  says  a  network  executive,  who  asked  not  to 
be  identified.  He  was  looking  to  support  a  small 
number  of  NT  servers  and  workstations,  but  gagged 
on  the  $250,000  price  tag.  “It  seemed  like  Microsoft 
was  offering  some  hope,  but  not  really’ 

Analysts  say  the  reality  is  that  NT,  first  introduced  in 
1996,  is  dead  even  though  Gartner  estimates  that 
more  than  10%  of  installed  desktops  in  large  com¬ 
panies  and  up  to  20%  of  installed  Windows  servers 
still  are  running  it. 

“The  pricing  is  kind  of  an  incentive  to  upgrade  isn’t 
it?”  says  Jeff  Allred,  manager  of  network  services  at 
the  Duke  University  Cancer  Center.  Allred,  who  is 
down  to  one  cluster  of  NT  servers  and  plans  to 
replace  with  Windows  2003  within  six  months,  says 
he  is  glad  he  has  staff  in-house  to  support  NT. 

According  to  Gartner  analyst  Tom  Bittman, 
Microsoft  does  not  publish  support  prices  because 
they  are  part  of  custom  deals  and  negotiating  points 
with  those  who  plan  to  migrate. 


“Microsoft  is  not  motivated  to  help  unless  you 
plan  to  migrate,  because  there  is  not  a  lot  of 
money  to  be  made  in  support  of  NT,”  Bittman  says. 
He  adds  custom  support  is  particularly  unfriendly 
to  any  company  with  just  a  few  NT  boxes  because 
support  is  priced  per  company;  which  means  a 
company  with  five  NT  servers  pays  the  same  price 
as  one  with  1,000. 

Support  for  NT,  which  had  been  extended  previ¬ 
ously  was  slated  to  expire  Jan.  1,2005.  A  December 
report  by  Gartner  said  custom  support  for  NT  work¬ 
stations  and  servers  traditionally  has  been  $200,000 
per  year.  With  the  offer  made  in  December,  Microsoft 
said  customers  could  sign  up  for  contracts  that  ran 
only  three  months  to  control  costs  and  provide  flex¬ 
ibility  for  those  close  to  completing  migrations. 

“This  is  a  custom  piece  of  support, so  you  are  going 
to  pay  through  the  nose  for  it,”  says  Laura  DiDio,  an 
analyst  with  The  Yankee  Group. “Support  is  going  to 
become  much  more  expensive  if  you  stay  on  these 
old  systems.” 

The  situation  that  NT  holdouts  find  themselves  in 
appears  to  be  a  result  of  evolution. 

“It  used  to  be  quite  common  for  users  to  load  up 
an  app  and  it  just  ran  and  ran,”  says  Gordon  Haff,an 
analyst  with  Uluminata.  Those  “functional”  set-ups 
have  become  obsolete  with  pervasive  computing, 
he  says.  “Now  a  system  has  to  be  secure  as  well  as 
functional,  and  that  is  a  whole  different  dynamic. 
That  means  it  is  not  OK  to  run  an  [operating  system] 
that  is  not  supported  any  longer.  NT  4  is  in  that  cate¬ 
gory,  functional  but  not  supported.”* 


UPS'  Dave  Barnes  is 
prepared  to  tackle  the 
security  challenge  in 
his  new  role  as  CIO. 


Just  because  you  are  in  the  field 
doesn’t  mean  you  are  out  of  touch. 


■ 


V 


When  you're  out  in  the  field,  you  don't  want  to  be  out  of  touch.  That's  where  the  BlackBerry  Enterprise 
Solution  comes  in.  This  solution  offers  you  secure,  wireless  access  to  your  dispatch  and  scheduling 
systems,  automation  applications  and  even  parts  inventory.  Wirelessly  receive,  review  and  dose  service 
tickets  wherever  you  happen  to  be.  And  you  can  even  look  up  the  latest  service  trends,  repair  workarounds 
and  product  bulletins.'  The  result  is  less  time  away  from  the  field  and  most  importantly,  better  customer 

■ 

service.  It's  not  just  a  better  way  to  work  in  the  field.  It's  a  better  way  to  serve  your  customers. 
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Get  your  "BlackBerry 
Extensibility  Kit" 
Today! 


More  Than  Wireless  E-mail 
Order  the  BlackBerry  Extensibility  Kit  to  find 
out  how  you  can  improve  your  service  team's 
effectiveness  and  efficiency  in  the  field. 

Visit:  www.blackberry.com/go/xkit 


;  ■  ■  o  : 


■’A., 


©20C 
Always 
for  ava 
or  thirc 
feature 
others, 
these  p 
third  pa 
third  pa 


* 

§33  NetworkWorld 

1/10/05 

News 

www.nwfusion.com 

CES 

continued  from  page  1 

Interviewed  by  O’Brien,  Gates 
said  Microsoft  can  enable  that 
lifestyle  with  products  available 
today,  such  as  Windows  XP 
Media  Center  Edition,  Portable 
Media  Centers,  MSN  online  ser¬ 
vices  and  the  Xbox  game  con¬ 
sole. 

But  minutes  later,  a  Windows  XP 
Media  Center  Edition  PC  repeat¬ 
edly  failed  while  show¬ 
ing  a  slide  show  of  digi¬ 
tal  photos  of  O’Brien 
and  Gates  out  for  a  night 
on  the  town. 

But  that  didn’t  stop 
other  CES  vendors  from 
demonstrating  an  array 
of  network  and  client 
technologies. 

Future  nets 

Some  of  the  most 
advanced  wireless  net¬ 
work  technologies  were 
on  display  including  mul¬ 
tiple  input  multiple  output 
(MIMO)  and  ultrawideband 
(UWB).  MIMO  is  the  basis  of 
the  next  IEEE  WLAN  standard, 
802.1  In,  which  will  have  a 
minimum  throughput  of  more 
than  100M  bit/sec.  UWB  will 
appear  later  this  year  in  prod¬ 
ucts  that  create  a  wireless  USB 
connection  among  a  plethora 
of  devices  such  as  PCs,  flat 
plasma  screens  and  media 
servers. 

Samsung  Electronics  and 
Athena  Semiconductor  demon¬ 
strated  the  effects  of  their  just- 
announced  jointly  developed 
MIMO  product:  a  single  integrat¬ 
ed  circuit  that  incorporates  three 
transceivers.  The  demonstration 
transmitted  two  high-definition 
TV  streams  and  one  standard- 
definition  videostream  over  a 
link  that  maintained  a  consistent 
throughput  of  more  than  50M 
bit/sec. 

Cisco’s  Linksys  announced  a 
wireless  802.1  lg  router  and  client 
PC  card  based  on  Airgo’s  MIMO 
chipset.The  chipset  package  uses 
two  radios,  three  antennas  and 
Airgo’s  algorithms  to  boost 
802.1  lg  range  by  up  to  three 
times,  and  throughput  by  up  to 
eight  times. 

A  conventional  802.1  lg  access 
point  has  a  data  rate  of  54M 
bit/sec  but  useable  throughput  in 
the  range  of  18M  to  24M  bit/sec.  It 
reaches  about  300  feet,  although 
throughput  drops  as  distance 
increases. 

Nearly  two  dozen  companies 
showcased  the  rapidly  evolving 
UWB  wireless  technology.  UWB 


transmits  data  at  very  low  power, 
at  an  optimal  range  of  about  12 
feet,  with  throughput  of  about 
400M  bit/sec.  One  of  the  first  uses 
likely  will  be  to  replace  USB 
cables  with  a  UWB  wireless  con¬ 
nection  between  PCs  and  periph¬ 
eral  devices.  Another  use  is  a 
wireless  version  of  the  FireWire 
1394  standard,  which  defines  a 
method  for  high-speed  streaming 
video  applications. 

The  Multiband  OFDM  Alliance 


—  which  includes  chip  makers, 
software  developers  and  a  pack 
of  name-brand  consumer  elec¬ 
tronics  vendors  —  is  promoting 
one  version  of  UWB.  Members 
say  they  expect  products  out  by 
year-end,  initially  for  wireless 
USB.  Freescale  Semiconductor,  a 
Motorola  spinoff,  is  promoting  a 
rival  UWB  version.  The  two 
groups  are  fighting  it  out  in  the 
IEEE  802.15.3a  task  group,  but 
both  plan  to  go  ahead  with  prod¬ 
ucts  whether  or  not  the  IEEE  stan¬ 
dard  advances. 

Start-up  Video54  Technologies 
unveiled  a  wireless  beam-steering 
technology,  dubbed  BeamFlex, 
that  uses  software  and  multiple 
antenna  arrays  to  direct  standard 
802.11  wireless  LAN  (WLAN)  sig¬ 
nals  around  radio  interference 
and  physical  barriers. 

The  company  headed  by  Selina 
Lo,  former  marketing  executive  at 
Alteon  WebSystems  and  Nortel, 
says  that  BeamFlex  creates  a 
threefold  boost  in  WLAN  through¬ 
put  and  range.  The  technology  is 
intended  to  optimize  WLAN  sig¬ 
nals  for  streaming  video.  WLAN 
vendor  Netgear  is  building 


BeamFlex  into  its  RangeMax  line 
of  WLAN  products. 

Such  devices  will  accelerate 
the  demand  for  vast  numbers  of 
IP  addresses.  A  CES  panel  on 
IPv6,  which  is  designed  to  break 
the  current  Internet  addressing 
logjam,  said  this  next-generation 
scheme  will  make  it  much  easier 
to  configure  devices  automati¬ 
cally,  make  every  IP  device 
addressable  and  forge  secure 
peer-to-peer  connections  that 


promise  to  finally  break  the  back 
of  spammers. 

Panelists  acknowledged  that 
U.S.  adoption  of  IPv6  is  slow  but 
expect  it  to  begin  picking  up 
speed  this  year,  partly  as  the 
result  of  Microsoft’s  plan  to  intro¬ 
duce  IPv6  as  a  native  element  in 
the  Longhorn  release  of  Win¬ 
dows  XR  in  2006  for  clients  and 
2007  for  servers,  and  partly  as  the 
result  of  the  Department  of  De¬ 
fense’s  decision  last  year  to  man¬ 
date  the  use  of  IPv6  in  its  IT  pur¬ 
chases.  Microsoft  is  using  IPv6  in 
12  buildings  on  its  Redmond, 
Wash.,  campus,  says  Ted  Tanner, 
architectural  specialist  with  the 
company’s  Strategic  Relations 
and  Policy  Group. 

Panasonic  is  scheduled  this 
year  to  introduce  additional 
products,  besides  its  current 
crop  of  digital  cameras  and 
home  gateways,  that  will  support 
IPv6  as  an  option,  using  the  cur¬ 
rent  release  of  Windows  XPAnd 
that’s  just  the  beginning,  says 
Alexander  Ramia,  senior  group 
manager  with  Panasonic  Tech¬ 
nologies.  He  sketched  a  vision  of 
Panasonic  appliances  installed 


in  a  home  and  accessible  via  a 
network  connection  and  IPv6 
addresses. 

A  new  breed  of  service  pro¬ 
viders,  for  Internet-based  VoIP 
phone  service,  was  out  in  force. 
Level  3  Communications,  a 
wholesaler  of  VoIP  services  to 
RBOCs,  cable  companies  and 
others,  announced  it  can  now 
offer  E911  services  to  about  60 
million  U.S.  households. 

The  new  capability  means  ser¬ 
vice  providers  now  can 
identify  automatically 
a  911  caller’s  address 
and  pass  that  data  to 
police,  firefighters  or 
EMTs.  Previously,  a  VoIP 
provider  could  provide 
only  a  caller’s  phone 
number. 

“Our  partners  can  now 
replace  the  land  line” 
with  VoIP  says  Cynthia 
Carpenter,  vice  presi¬ 
dent  of  marketing  for 
Level  3’s  consumer 
voice  services. 

“VoIP  will  be  the 
phone  line,”  she  says. 

VoIP  providers  such 
as  BroadVoice 

fielded  questions  from 
attendees.  “Can  I  listen 
to  my  e-mail  mes¬ 
sages?”  one  user  asked. 
“What  happens  if  some¬ 
one  sends  me  a  fax?” 

Anyone  with  a  broad¬ 
band  connection  can 
use  the  BroadVoice  ser¬ 
vice,  said  Leslie  Berry  vice  presi¬ 
dent  of  customer  care.  A  phone 
adapter  lets  customers  use  touch- 
tone  phones  to  make  and  receive 
calls  via  a  DSL  router  or  cable 
modem,  through  the  BroadVoice 
IP  servers. 

The  company  recently  intro¬ 
duced  an  802. 1 1-based  wireless  IP 
phone,  which  lets  subscribers 
make  BroadVoice  calls  over  any 
open  WLAN  network. 

The  IDG  News  Service  con¬ 
tributed  to  this  story. 


More  online! 


Couldn't  mako  it  to  CES  last  week? 
No  problem  —  get  the  lowdown  on  all 
the  product  announcements  and 
launches,  keynotes  and  events  at  our 
CES  news  page. 
DocFinder:  5342 
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■  VOIP  ■  WIRELESS  LANS 


NIST  mulls  new  WLAN  security  guidelines 


■  BY  ELLEN  MESSMER 

The  National  Institute  of  Standards  and 
Technology  the  federal  agency  responsible 
for  defining  security  standards  and  prac¬ 
tices  for  the  government,  plans  to  issue 
new  guidelines  pertaining  to  wireless  LANs 
in  the  near  future. 

The  decisions  NIST  reaches,  possibly  as 
early  as  this  month,  will  broadly  affect  fed¬ 
eral  agency  purchases  of  WLAN  equip- 


■  Rivals  AEP  Systems  and  Netilla 

have  merged  to  form  AEP  Networks 
in  the  hope  of  gaining  enough  busi¬ 
ness  to  survive  the  shakeout  among 
SSL  remote-access  vendors.  AEP's 
CEO  Pat  Donnellan  will  continue  as 
CEO  of  the  merged  company,  and 
Netilla's  CEO  will  become  its  execu¬ 
tive  vice  president.  AEP  took  on  $5 
million  more  in  venture  capital  money 
from  its  existing  investors.  Both  AEP 
and  Netilla  were  running  on  venture 
money,  but  say  their  combined  cus¬ 
tomers  and  distribution  networks  will 
generate  enough  revenue  to  put  the 
combined  business  in  the  black. 

■The  number  of  cybersecurity  profes¬ 
sionals  is  projected  to  grow  at  an  an¬ 
nual  compound  rate  of  nearly  14% 
from  now  until  2008,  according  to  a 
November  2004  study.  “The  in¬ 
formation  Security  Workforce 
Study,”  conducted  by  I  DC  for  the  In¬ 
ternational  Information  Systems  Sec¬ 
urity  Certification  Consortium,  pro¬ 
jects  that  the  number  of  information 
security  professionals  worldwide  will 
be  2.1  million  in  2008,  up  from  1.3  mil¬ 
lion  currently.  The  survey  of  5,371  full¬ 
time  information  security  profession¬ 
als  in  80  countries  found  that  97%  of 
respondents  had  moderate  to  very 
high  expectations  for  career  growth. 
Security  professionals  also  have  expe¬ 
rienced  growth  in  job  prospects,  ca¬ 
reer  advancement,  higher  base  salar¬ 
ies  and  salary  premiums  for  certifica¬ 
tion  at  faster  rates  than  other  areas. 


ment,  because  federal  agencies  are  re¬ 
quired  to  follow  NIST  recommendations. 
According  to  William  Burr,  manager  of 
NIST’s  security  technology  group,  the 
agency  is  focusing  on  whether  to  approve 
the  IEEE’s  802. Hi  WLAN  security  standard 
for  encryption  and  authentication  as  a  gov¬ 
ernment  standard.  The  IEEE  approved 
802.1  li  last  July  but  Burr  says  NIST  is  not 
keen  on  some  aspects  of  it. 

Specifically  NIST  has  reservations  about 
the  so-called  Temporal  Key  Integrity  Proto¬ 
col  (TKIP),  which  is  the  key  management 
protocol  in  802.1  li  that  uses  the  same 
encryption  engine  and  RC4  algorithm  that 
was  defined  for  the  Wired  Equivalent 
Privacy  protocol  (WEP). 

The  40-bit  WEP  used  in  many  early  WLAN 
products,  was  criticized  widely  in  the  past 
two  years  as  having  too  short  a  key  length 


and  a  poor  key  management  scheme  for 
encryption.  TKIP  is  a  “wrapper”  that  goes 
around  WEP  encryption  and  ensures  that 
TKIP  encryption  is  128  bits  long. 

TKIP  was  designed  to  ensure  it  could 
operate  on  WLAN  hardware  that  used  WEP 
In  contrast,  the  128-bit  Advanced  Encryp¬ 
tion  Standard  (AES),  which  NIST  already 
has  approved,  requires  a  hardware  change 
for  most  older  WLAN  equipment. 

“We  just  don’t  feel  that  the  TKIP  protocol 
cuts  the  grade  for  government  encryption,” 
Burr  says.  He  adds  that  the  RC4  encryption 
algorithm  is  not  a  Federal  Information 
Processing  (FIPS)  standard  and  probably 
won’t  ever  be  because  network  profession¬ 
als  see  RC4  as  rather  weak  in  terms  of  mes¬ 
sage  authentication  and  integrity 

NIST  is  more  inclined  to  approve  AES  for 
WLAN  security  and  in  fact  Burr  pointed  to 


the  NIST  document  800-38C,  published  last 
summer,  for  encryption  that  includes  the 
AES  algorithm. 

As  far  as  the  key  management  scheme  for 
key  exchange  and  setup  is  concerned, 
NIST  might  introduce  a  new  key-manage¬ 
ment  technology  that’s  been  jointly  devel¬ 
oped  with  the  National  Security  Agency 

“We  have  to  make  the  decision  soon, ’’says 
Burr,  who  notes  that  vendors  that  make 
WLAN  equipment  and  their  customers  in 
the  federal  agencies  are  awaiting  NiSTs 
determinations. 

“Right  now,  there’s  a  lot  of  pressure  on  to 
get  this  worked  out  since  the  agencies 
want  to  buy  wireless  networks  and  the 
vendors  very  much  want  them  to,”  he  says. 
Because  NIST’s  recommendations  are 
binding  as  a  purchasing  requirement,  sev- 

See  NIST,  page  18 


Texas  A&M  probes  traffic  for  assaults,  faults 


■  BY  JOHN  COX 

Texas  A&M  University  has 
improved  the  network  man¬ 
agement  and  security  for  its 
sprawling  wireless  and  wired  cam¬ 
pus  network  with  an  application 
that  sifts  through  traffic  for  abnor¬ 
malities  or  irregularities. 

By  identifying  patterns  and  dis¬ 
secting  them,  the  application, 
named  QRadar,  gives  the  university’s 
network  managers  a  clear  view  of 
what’s  really  happening  for  all 
devices  and  protocols  on  the  net¬ 
work.  The  software  lets  operations 
staff  quickly  detect  worms,  peer-to- 
peer  traffic,  port  scans,  and  other 
signs  of  both  cyberattacks  and 
equipment  malfunctions. 

Getting  that  level  of  detail  across 
an  entire  network  is  difficult  with¬ 
out  software  like  this,  according  to 
Willis  Marti,  associate  director  of 
computing  for  Texas  A&M  in 
College  Station.  “Other  tools  are 
See  Texas  A&M,  page  18 


Network  radar  screen  at  Texas  A&M 


Texas  A&M  uses  software  company  Ql’s  QRadar  application  to  gather 
every  detail  about  its  extensive  campus  network  traffic.  The  software 
lets  operations  staff  quickly  detect  worm  attacks,  peer-to-peer  traffic 
problems,  port  scans  and  other  signs  of  trouble. 


O  QFlow  collectors  connect  to  ©  Server  program  receives  collector  ©  Console  shows  alerts  and  lets 
network  device.  data,  analyzes  it  and  flags  managers  drill  down  for  deteHc 

abnormalities.  Cisco’s  I0S  Netflow  about  traffic  abnormalities 
application  also  sends  other  net- 
related  traffic  information  to  QRadar 
application. 
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Extreme  switch  packs  speed,  reliability 


Extreme’s  LAN  revamp 


With  its  Aspen  8800  series  chassis,  Extreme  says  customers  can  build  simpler,  more 
reliable  LANs  with  less  gear. 


link  switches  directly  to  the  backbone.  sub-50-millisec  failover  in  case  of  cable  or  switch  failure. 


■  BY  PHIL  HOCHMUTH 

Extreme  Networks  this  week  is 
expected  to  launch  new  switch 
chassis  aimed  at  letting  users  link 
wiring  closets  directly  to  the  LAN 
core  via  10G  Ethernet,  while  pro¬ 
viding  low  latency  and  five-nines 
connectivity  for  IP  phones,  PCs 
and  other  network  devices  at  the 
LAN  edge. 

The  Aspen  8800  switch  series 
couid  help  businesses  deploy  IP 
telephony  Gigabit  to  the  desktop 
and  Wi-Fi  access  points  with  high- 
density  10/100/1000M  bit/sec 
blades  and  Power  over  Ethernet 
(BoE)  on  each  port.The  boxes  are 
part  of  a  new  LAN  architecture 
Extreme  is  pushing,  in  which 
edge  chassis  link  to  a  core  switch 
via  10G  Ethernet  and  use  carrier- 
based  technology  for  providing 
SONET-comparable  failover  capa¬ 
bilities.  Extreme  says  this  ap¬ 
proach  reduces  switches  on  a 
network  by  eliminating  aggrega¬ 
tion  layer  boxes  while  making 
connections  faster  and  easier  to 
manage. 

The  Aspen  switches  come  in  10- 
and  six-slot  configurations.  Line 
cards  support  up  to  48  ports  of 
10/100/1000M  bit/sec  Ethernet 
and  PoE.A  four-port  10G  Ethernet 
blade  is  also  available.  Aspen  is 
the  second  product  line  to  run 
Extreme’s  XOS  switch  operating 
system  —  a  modular,  Unix-based 
operating  system  —  introduced 
on  its  BlackDiamond  10K  switch 
last  year. 

The  Aspen  boxes  also  support 
Extremes  Ethernet  Automatic 
Protection  Switching  (EAPS)  pro¬ 
tocol,  a  Layer  2  switching  technol- 


NIST 

continued  from  page  17 

eral  agencies  are  holding  back 
from  WLAN  deployments  until 
they  hear  from  NIST. 

“The  Department  of  Agricul¬ 
ture,  of  instance,  is  trying  to  get 
out  a  policy  for  the  entire  agency 
for  what  they  should  do  for  wire¬ 
less  networks,”  Burr  says.  He  adds 
that  the  department  doesn’t  want 
to  buy  something  that  might  have 
to  be  changed  after  NIST  issues 
its  determinations. 

The  goal  is  to  have  WLAN  secu¬ 
rity  guidelines  in  place  soon  for 
the  NIST-certified  independent 
testing  labs  that  run  test  evalua¬ 
tions  for  a  range  of  network 
equipment  under  the  FIPS  re¬ 
view  process.* 


ogy  developed  for  metropolitan 
Ethernet  service  provider  net¬ 
works.  EAPS  lets  Ethernet  switch¬ 
es  be  configured  in  a  ring,  similar 
to  SONET  networks,  and  allows 
for  failover  of  a  link  in  50  millisec 
(the  same  time  it  takes  a  SONET 
network  to  reconfigure  a  link). 

Five  Aspen  switches  will  be  in¬ 
stalled  in  wiring  closets  in  a  new 
corporate  facility  at  Luxottica  Re¬ 
tail  in  Cincinnati,  which  operates 
LensCrafters,  Sunglass  Hut  and 
Luxottica  stores  in  the  U.S.  The 
boxes  will  support  PC,  IP  tele¬ 
phone  and  wireless  endpoints  for 
up  to  600  employees,  says  Steph¬ 
en  Bosch,  the  company’s  enter¬ 
prise  architect. 

Luxottica  Retail  plans  to  install 
Aspen  switches  at  the  edge,  with 
dual-homed  Gigabit  Ethernet  con¬ 
nections  to  two  Extreme  Black- 
Diamond  switches  in  the  core. 
EAPS  will  create  a  virtual  ring 
among  each  Aspen,  and  the  two 
core  boxes.  Six  hundred  Avaya  IP 
phones  will  run  on  the  flat,  Layer  2 
LAN  segment  with  Avaya  IP  PBXs 
only  two  hops  away  attached  to 
Extreme  BlackDiamond  switches 
in  the  core.  Other  applications  will 
run  on  the  company’s  Layer  3 
LAN  segments. 

“Having  all  voice  on  a  that  flat 
EAPS  network  will  let  us  seg¬ 
ment  and  isolate  that  traffic  and 
ensure  it  gets  the  highest  QoS,” 
Bosch  says. 

The  Aspen  switches  support 
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continued  from  page  17 


several  security  and  authentica¬ 
tion  features  and  standards,  in¬ 
cluding  802.  lx  and  media 
access  control  authentication, 
which  lets  administrators  track 
what  clients,  either  wired  or 
wireless,  can  gain  access 
through  a  switch  port. 

The  switches  also  can  apply  net¬ 
work  policies  to  multiple  devices 
trying  to  access  the  network 
through  one  port. 

Extreme  also  says  a  mix  of  hard¬ 
ware  and  software  features  can  let 


The  university’s  network,  which 
uses  primarily  Cisco  and  Alcatel 
gear,  is  huge,  covering  what  Marti 
says  is  the  geographically  largest 
U.S.  campus,  including  more 
than  200  buildings,  an  airport 
and  a  rail  line.  There  are  45,000 
students,  16,000  faculty  and  staff 
members,  and  60,000  end-user 
ports,  of  which  about  38,000  are 
active  at  any  time.  About  58%  of 
the  net  is  100M  bit/sec  switched 
Ethernet.  About  300  WLAN 
access  points  give  wireless  cov¬ 
erage  in  selected  public  areas. 

All  this  makes  for  a  natural 
focus  on  security 

“We  force  users  to  use  a  VPN 
and  authenticate”  before  gaining 
access,  Marti  says.  Rounding  out 
the  security  framework  are: 

•  Cisco  VPN  servers. 

•  A  campus  Lightweight  Direct¬ 
ory  Access  Protocol  server  for 
authentication. 

•  A  distributed  intrusion-detec- 


an  Aspen  8800  series  switch  run 
with  only  5.26  minutes  of  down¬ 
time  over  a  year  —  the  vaunted 
five-nines.  The  modules  include 
redundant  power  supplies,  fans 
and  dual  management/switch 
fabric  modules,  which  provide 
instant  failover,  according  toVarun 
Nagaraj,  Extreme’s  vice  president 
of  product  management. 

The  Aspen  8800  will  compete 
with  wiring  closet  chassis 
switches,  such  as  3Com’s  Switch 
4007,  HP’s  5300  series,  Cisco’s 


tion  system  from  SourceFire. 

•  An  in-house  program  called 
NetSquid  to  block  infected  hosts. 

•  At  the  border,  a  homegrown 
packet-based  firewall  dubbed 
“Drawbridge.” 

To  get  a  view  of  his  network’s 
activity,  Marti  used  an  open 
source  tool,  Multi  Router  Traffic 
Grapher,  which  collects  data  via 
SNMP  requests  to  routers  and 
other  network  hardware,  and 
generates  graphs  of  network  uti¬ 
lization  as  Web  pages. 

“But  we  didn’t  have  anything 
that  could  synthesize  a  picture 
of  everything”  on  the  network, 
Marti  says. 

QRadar  creates  that  overview 
by  gathering  traffic  data  via  sen¬ 
sors  called  QFiow  Collectors  (or 
via  Cisco  IOS’  NetFlow),  funnel- 
ing  it  to  the  QRadar  Classifi¬ 
cation  Engine  on  a  server,  where 
it  can  be  viewed  via  the  QRadar 
Console  application  on  a  PC.The 


Catalyst  6509,  Nortel’s  Passport 
8300  and  Foundry  Networks’  Fast- 
Iron  chassis. 

The  Aspen  8800  series  switches 
and  line  cards  are  available  now. 
The  10-slot  Aspen  8810  starts  at 
$7,000  for  the  chassis,  while  the 
six-slot  8806  starts  at  $3,500.  The 
10/100/1000M  bit/sec  BoE  ports 
cost  $350  per  port,  and  10G 
Ethernet  ports  cost  $3,500  each, 
without  optical  port  modules. 
(Optics  range  from  $4,000  to 
$10,000  per  port.)  ■ 


collectors  can  use  a  network  tap 
or  attach  to  a  mirrored  port  on  a 
switch  or  router. 

“It  can’t  look  at  every  link  in 
every  place,”  Marti  says.“We  have 
it  look  at  our  residence  halls,  the 
campus  [network]  border  and 
our  remote-access  connections." 

The  server  software  creates  a 
baseline  of  normal  or  customary 
network  behavior.  For  example, 
the  business  office  typically 
might  have  lots  of  SQL  queries  to 
a  database.  If  an  FTP  file  transfer 
mars  that  pattern,  QRadar  flags 
that  event  and  sends  an  alert  to 
administrators. 

Network  administrators  can 
configure  the  Classification  En¬ 
gine  with  a  set  of  rules  reflecting 
their  specific  knowledge  of,  in 
this  case,  the  university’s  net¬ 
work.  “You  can  set  up  a  rule  that 
says  ‘a  lot  of  IRC  traffic  out  of  a 
given  subnet  is  an  anomaly?” 
Marti  says.* 


too  narrowly  focused.  They’re 
either  vendor-specific  or  proto¬ 
col-specific, "Willis  says. 

The  software,  from  Q1  Labs,  is 
marketed  as  a  tool  for  creating  a 
network  security  overview  by  sur¬ 
veying  and  displaying  network 
behavior  and  traffic  patterns  as 
they  take  place.  Texas  A&M  uses 
Version  3.0,  released  last  May  In 
November,  Q1  Labs  released  Ver¬ 
sion  4.0,  which  has  been  rework¬ 
ed  to  easily  accept  new  mini-pro- 
grams  to  add  specific  features. 
The  first  of  these  is  QRadar-ICX 
(for  Isolate,  Contain  and  ex¬ 
tinguish),  which  is  designed  to 
start  countermeasures  to  block 
threats  such  as  a  denial-of-service 
attack,  port  scan  or  a  rogue  wire¬ 
less  LAN  (WLAN)  access  point. 
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hp  procurve  switch  2824 


hp  Compaq  business  desktop  dc5000 


The  Right  Technology.  Right  Away. 
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In  Canada,  call  800.387.2173'  •  COWffli 


Monitor  and  floppy 
drive  sold  separately 


The  Networking  Solutions  You  Need  When  You  Need  Them. 

Upgrading  your  systems  means  upgrading  your  productivity.  At  CDW,  we  have  the  top-name  networking 
solutions  to  help  you  do  just  that.  Our  account  managers  provide  fast  answers  to  your  product  questions. 
And  with  access  to  the  largest  instock  inventories,  you'll  get  what  you  need,  when  you  need  it.  So  why 
wait?  Get  new  systems  today  and  start  benefiting  tomorrow. 


•  Twenty  1 0/1 00/1 000BASE-T  and  four 
dual-personality  ports 

•  Ideal  for  medium  to  large  networks 

•  Maximize  bandwidth  performance  with 
ten  times  the  speed  of  lOOMBps  switches 

•  Seamlessly  protect  your  existing  network 
investment  while  preparing  for  future  growth 


*1924 

COW  530935 


•  2.8GHz  Intel®  Pentium*  4  processor  with  HT  Technology 

•  Memory:  128MB 

•  40GB  hard  drive 

•  48X  Max  CD-ROM  drive 

•  Windows®  XP  Professional 


SfiAQ  desktop 

CDW  675559 


TRADE-IN' 


$619 


$37809 

CDW  530936 


Recommended  accessories  and  services: 

hp  Compaq  256MB  memory  upgrade  $119  (CDW  499203) 

hp  Compaq  17"  LCD  $379  (CDW  51 5635) 

hp  care  pack  3-year,  next  business  day,  9x5,  onsite  warranty 

$170  (CDW  585483) 


•  Full-featured  IEEE  802.1 1  g,  single-radio  access  point 

•  Ideally  suited  for  medium  to  large  wireless  local 
area  network  (WLAN)  deployments 

•  Cost-effective  means  to  deploy  either  an  802.1 1b 
or  802.1 1  g  wireless  network  with  integrated 
802. 3af  PoE 


Eligible  processors  include  Intel  Pentium  II,  III  or  Intel  Celeron;  AMD  processors  do  not  qualify;  trade-in  values  are  estimates  only;  actual  trade-in  values  may  vary  from  $25  to  $100;  all  products  must  be  in  good  working  condition  and  have  a  fair  market  value;  call  your  CDW  account  manager  for  details;  offer  ?nds  3/;  i  ? .  O  • \  r>  !* 

CDW  is  not  the  manufacturer  of  the  products  purchased  by  customer  hereunder  and  the  only  warranties  offered  are  those  of  the  manufacturer,  not  CDW.  All  pricing  is  subject  to  change.  CDW  reserves  the  right  to  make  adjustments  to  pricing,  products  and  service  offerings  for  reasons  including,  but  not  limited  •-i, '.  ud  ;.r  ••  ‘  j  •  -. : 

discontinuation,  product  unavailability,  manufacturer  price  changes  and  enors  in  advertisements.  All  orders  are  subject  to  product  availability.  Therefore,  CDW  cannot  guarantee  that  it  will  be  able  to  fulfill  customer's  orders.  The  terms  and  conditions  of  sale  are  limited  to  those  contained  herein  and  on  CDW s  Web  S:rr  at  r ;  V.  it.  » 
to  and  rejection  of  any  additional  or  different  terms  in  any  form  delivered  by  customer  is  hereby  given.  ©  2005  CDW  Corporation 
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Keep  unauthorized  users  off  your  network. 


It's  1  pm.  Do  you  know  your  wireless  network  has  an  open-door  policy 
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Sure,  your  wireless  network  makes  you  more  productive,  but  the  security  loopholes  are  huge.  And  securing 
a  wireless  network  is  expensive  and  complicated,  right?  Not  with  SonicWALL®.  We  make  wireless  security  simple, 
affordable,  and  easy  to  use.  So  businesses  like  yours  can  concentrate  on  what  they  do  best — business. 

Our  Distributed  Wireless  Solution  provides  real,  enterprise-class  protection  from  unwanted  intruders,  viruses,  and 
more  in  one  affordable,  powerful  package.  Every  SonicWALL TZ  1 70  and  PRO  Series  appliance  supports  our 
SonicPoints,  making  it  easy  to  add  secure  wireless  connectivity  to  your  network.  Whether  you're  starting 
from  scratch,  or  adding  to  your  wired  network,  SonicWALL's  got  the  answer  to  your  needs. 

Slam  the  door  on  uninvited  wireless  snoops.  Get  the  full  story  on  SonicWALL's  Distributed  Wireless  Solution 

at  www.sonicwall.com/home/dws.asp  or  call  us  at  1 .800.557.6642. 


SonicPoint 


Around  the  clock ,  around  the  world,  and  around  the  Web- 

SonicWALL  is  there  for  you. 


Users,  firms  at  odds  on  mobile  devices 


■  BY  STEPHEN  LAWSON 

Companies  and  their  employees  might 
find  themselves  in  a  tug  of  war  over  enter¬ 
prise-class  mobile  phones,  an  emerging 
set  of  devices  that  can  run  multimedia 
entertainment,  games  and  business  appli¬ 
cations. 

With  these  high-function  handhelds, 


■  Facing  tough  competition  from 
IBM,  HP  and  Dell,  blade  server  pio¬ 
neer  RLX  Technologies  is  exiting 
the  hardware  business  to  focus 
exclusively  on  marketing  its  Control 
Tower  management  software.  The 
company  has  announced  that  it 
would  stop  selling  blade  servers  and 
instead  work  on  offering  Control 
Tower  for  all  major  blade  and  server 
platforms.  RLX  released  the  sixth 
generation  of  Control  Tower  last  year 
to  accolades  from  analysts,  who  say 
the  software  is  more  sophisticated 
than  what  vendors  such  as  HP  and 
IBM  offer.  RLX  says  it  will  continue 
to  provide  hardware  support  for  cur¬ 
rent  customers. 

■  After  years  of  holding  meetings 
with  analysts  and  media  at  rival 
Intel's  biannual  developer  confer¬ 
ences,  Advanced  Micro  Devices 
plans  to  host  its  own  developer  con¬ 
ference  this  year.  A  source  close  to 
AMD  says  it  would  take  place  in  the 
second  quarter,  right  around  the  time 
that  Microsoft  is  expected  to  finally 
release  a  64-bit  production  version  of 
Windows  that  works  with  AMD’s  64- 
bit  desktop  processors.  A  report 
about  the  conference  first  appeared 
on  The  Inquirer,  a  technology  news 
Web  site.  AMD  is  eyeing  Las  Vegas 
and  Phoenix  as  potential  conference 
sites,  the  source  says.  "It’s  something 
we’re  interested  in  doing,  but  it's 
something  we  haven’t  announced 
officially.  The  time  is  right,"  says  Mike 
Simonoff,  an  AMD  spokesman.  He 
declined  to  comment  on  potential 
dates  or  locations. 


companies  finally  have  a  platform  that’s 
fully  mobile,  almost  always  connected 
and  powerful  enough  to  use  for  applica¬ 
tions  that  certain  employees  need  on  the 
road,  such  as  salesforce  automation  and 
CRM.  But  IT  executives  are  bracing  them¬ 
selves  for  future  threats,  including  attacks 
that  might  come  through  consumer  appli¬ 
cations.  At  the  same  time,  businesses  are 
seeking  ways  to  keep  the  cost  of  personal 
phone  use  out  of  their  expenses  and  some 
service  providers  are  responding  (see 
related  story  below). 

“There’s  no  device  that’s  in  worse  shape 
in  terms  of  manageability  than  a  smart 
phone  because  for  years  [the  cell  phone] 
has  been  a  personal  device,”  says  Gartner 
analyst  Ken  Dulaney 

Examples  of  enterprise  network-orient¬ 
ed  devices  include  the  Nokia  6820  smart 
phone  and  9300  wireless  phone-PDA,  the 
palmOne  Treo  650,  the  Siemens  SK65  and 
SX66,  Motorola’s  MPX  and  Research  In 
Motion’s  voice-equipped  wireless  PDAs. 

In  September,  1DC  forecast  converged 


phone  and  data  devices  to  outsell  ordi¬ 
nary  handheld  data  devices  both  world¬ 
wide  and  in  the  U.S.  For  2004,  it  projected 
sales  of  17.7  million  converged  devices 
worldwide  and  4.8  million  in  the  U.S., 
compared  with  9.4  million  data  hand¬ 
helds  worldwide  and  3.6  million  in  the 
U.S.  Nearly  15%  of  those  converged 
devices  would  go  to  enterprise  accounts, 
IDC  said. 

At  October’s  CT1A  Wireless  IT  &  Enter¬ 
tainment  trade  show,  where  vendors  and 
operators  promised  nonstop  fun  for  con¬ 
sumers  in  the  form  of  games,  photo  shar¬ 
ing,  video,  custom  ring  tones  and  other 
applications  and  content,  service  pro¬ 
viders  also  pushed  the  new  devices  as 
business  tools. 

Business  applications  should  start  hit¬ 
ting  smart  phones  in  vertical  industries  in 
the  first  half  of  2005  and  in  general  corpo¬ 
rations  in  the  second  half,  according  to 
David  Hayden,  co-founder,  president  and 
CEO  of  consultancy  MobileWeek.  Con¬ 
sumer  use  of  advanced  data  services  is 


just  getting  started.  Probably  less  than  10% 
of  users  are  buying  games  or  exchanging 
photos  over  the  air,  he  says. 

“Most  people  don’t  download  and  most 
people  don’t  even  use  the  picture  messag¬ 
ing,”  Hayden  says. 

The  potential  benefits  of  mobile  devices 
are  clear  to  Steve  Philpott,  president  of 
Bearing  Belt  Chain,  an  industrial  equip¬ 
ment  distributor  in  Las  Vegas,  who  has 
replaced  three  sales  representatives’  con¬ 
ventional  PDAs  with  palmOne  Treo  650 
phone-PDAs.  He  plans  to  get  five  more 
Treos.With  the  old  PDAs,  salespeople  had 
to  synchronize  data  with  their  office  PCs 
before  they  went  on  the  road.  With  the 
Treos,they  can  change  plans  in  the  middle 
of  a  trip  and  still  have  a  chance  to  syn¬ 
chronize  all  the  data  they  need,  which  also 
is  more  up  to  date,  Philpott  says.  A  side  ben¬ 
efit  to  the  combination  device  is  that  there 
is  one  less  thing  for  an  employee  to  mis¬ 
place,  he  says. 

But  companies  are  embracing  the  new 

See  Mobile,  page  22 


learners  increase  companies’  control  over  handhelds 
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Some  mobile  operators  already  have  some  offerings  in 
place  to  deal  with  the  conflict  over  enterprise-class 
mobile  phones. 

Verizon  Wireless  offers  software  tools  that  let  a  company 
configure  its  phones  to  accept  only  certain  applications,  says 
James  Straight,  vice  president  of  wireless  data  products  and 
business  development.  Verizon  can  produce  two  different 
monthly  bills  for  one  phone,  one  for  corporate  use  and  the 
other  for  consumer  use. 

Vodafone  Group,  which  has  extensive  operations  in  Europe 
and  the  Asia-Pacific  region,  takes  a  less-detailed  approach.  If 
a  company  doesn't  want  its  employees  to  use  the  Vodafone 
Live  consumer  multimedia  service,  Vodafone  can  lock  the 
phone  out  of  that  service,  says  Peters  Suh,  a  director  of  cor¬ 
porate  strategy.  The  carrier  also  offers  a  managed  service 
that  tracks  phone  use  and  reports  to  the  company  any  use 
for  non-work  purposes,  he  says. 

Nextel  Communications  has  geared  up  for  dual  use  in 
several  ways,  says  Senior  Vice  President  Greg  Santoro.  Any 
Nextel  phone  can  support  two  lines,  so  employees  can  set 
up  a  personal  line  and  receive  a  separate  bill  that  the 
employer  never  sees,  he  says.  If  they  have  just  one  line, 
they  can  set  up  an  electronic  wallet  backed  by  a  personal 
credit  card. 

To  control  what  employees  put  on  the  phone,  Nextel  can 
set  up  a  special  download  library  of  company-approved 
items.  Currently  that  library  can  accommodate  only  applica¬ 


tions,  but  Nextel  soon  will  enhance  it  to  offer  music,  graphics 
and  other  items,  Santoro  says. 

At  CTIA,  Sprint,  which  agreed  last  month  to  merge  with 
Nextel,  introduced  a  managed  service  for  companies  that 
want  to  centralize  control  of  their  phones. 

Under  the  managed  service,  Sprint  can  monitor  the  use 
and  security  of  a  particular  employee’s  phone  and  determine 
what  applications  and  content  are  on  it,  says  Scott  Boehmer, 
general  manager  of  customer  solutions.  The  carrier  even  can 
delete  unwanted  items.  If  a  particular  file  or  virus  seems  to 
be  causing  a  problem,  Sprint  can  search  and  delete  it.  Sprint 
is  working  on  being  able  to  find  viruses  proactively  and 
remove  them,  Boehmer  says.  If  a  device  is  lost  or  stolen, 
Sprint  can  remotely  delete  everything  on  it. 

Sprint’s  service  is  provided,  in  part,  with  Intellisync’s 
Mobility  Suite  software.  Sybase’s  iAnywhere  Solutions  unit 
also  offers  a  product  for  managing  remote  devices,  called 
XcelleNet  Afaria  Security  Manager, 

Afaria  can  remotely  detect  what  applications  are  installed 
on  a  device  and  how  much  memory  they  take  up,  says  Shari 
Freeman,  a  manager  in  iAnywhere's  product  management 
group.  If  the  IT  staff  determines  that  a  consumer  application 
or  content  takes  up  too  much  memory  or  might  be  causing  a 
conflict,  Afaria  can  uninstall  that  item  from  the  device,  she 
says.  Afaria  also  can  encrypt  the  data  on  a  device  and  wipe 
it  out  if  the  device  is  lost  or  stolen. 

—  Stephen  Lawson 
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Welcome  to  2005!  Because  nothing 
of  major  importance  tends  to 
happen  over  the  year-end  holi¬ 
days,  this  first-of-the-year  column  tradi¬ 
tionally  is  given  over  to  predictions  for 
the  year  to  come.  First,  let’s  look  back  at 
last  year’s  predictions  to  see  how  well  1 
did. There  were  five: 

1.  Microsoft  will  step  up  activity  on  the 
legal  front. 

It  did,  but  1  thought  it’d  be  involved  in 
more  litigation.  Instead,  it’s  done  its  best 
to  put  legal  problems  behind  it  (for 
example,  settlements  with  Sun  and 
Novell).  I  claim  half-credit  as  obviously 
the  polarity  of  my  crystal  ball  was 
reversed. 

2.  Expect  huge  losses  and  major 


Taking  a  look  at  the  year  ahead 


changes  in  management  and  direction 
at  The  SCO  Group. 

Another  partial  credit. The  huge  losses 
have  certainly  occurred  —  it’s  doubtful 
it  could  last  another  year  at  the  current 
pace  unless  there’s  a  huge  infu¬ 
sion  of  cash  from  somewhere. 

Not  only  is  management  going 
to  be  looking  for  a  place  to 
land  soon,  but  the  entire  com¬ 
pany  could  simply  disappear. 

3.  Linux  will  become  firmly 
entrenched  in  the  enterprise 
server  room. 

The  open  source  operating  system  has 
gotten  a  toe  hold  in  the  server  room  and 
is  making  steady  progress.  It  might  be 
too  early  to  say  “entrenched,”  but  I’ll  give 
myself  credit  anyway. 

4.  Privacy  and  user  control  of  their 
own  data  will  be  the  major  topics. 

I  might  have  been  premature  here,  as 
regulatory  compliance  continues  to  be 
the  driving  force  for  identity  manage¬ 
ment  projects.  But  privacy  and  user  con¬ 


trol  have  gotten  the  lion’s  share  of  dis¬ 
cussion  around  the  virtual  water  cooler. 

5. 1  saw  2004  as  being  the  biggest  year 
yet  for  politics  and  the  Internet. 

Nailed  that  one,  didn’t  I? 

Final  score,  approximately 
3.67  out  of  5. 

Now,  my  fearless  forecast  for 
2005: 

Novell’s  Open  Enterprise 
Server  will  surpass  sales  expec¬ 
tations.  But  a  few  minor  but 
nagging  problems  will  keep  it 
from  being  a  total  success. 

Microsoft,  with  no  new  operating  sys¬ 
tems  due,  will  hammer  heavily  on 
licensing  issues  (looking  very  much  like 
subscriptions)  to  try  to  even  out  the  rev¬ 
enue  stream. 

As  the  economy  picks  up,  so  too  will 
merger  and  acquisition  activity,  espe¬ 
cially  in  the  identity  management  mar¬ 
ket.  Look  for  a  half-dozen  well-known 
companies  to  be  assimilated  this  year. 


Linux  on  the  desktop  finally  will  become 
a  reasonable  alternative  to  Windows  for 
mainline  business  organizations. 

We’ll  check  back  in  a  year  to  see  how 
well  I’ve  done. 

Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
Silicon  Valley.  He  can  be  reached  at 
wired@vquill.  com. 


Tip  of  iWeek 


For  more  on  the  coming 
year,  see  this  week's  New 
Year’s  resolution  issues  of 
my  Network  World  newslet¬ 
ters  (www.nwfusion.com/ 
newsletters/)  on  NetWare, 
Windows  Networking  and 
Identity  Management. 


Mobile 

continued  from  page  21 
devices  cautiously 

Northwestern  Mutual,  an  insurance  and 
financial  company  in  Milwaukee,  gives 
employees  only  simple  mobile  phones 
and  works  with  the  service  provider  to 
prevent  all  uses  except  for  voice, says  Phil 
Zwieg,  vice  president  of  IS  at  North¬ 


western.  The  company  is  looking  at 
adopting  combination  devices  for  e-mail 
and  voice,  but  there  are  hurdles  to  over¬ 
come,  such  as  security,  Zwieg  says.  He  has 
been  particularly  disturbed  by  recent 
reports  of  cell  phone  viruses. 
Northwestern  won’t  introduce  such 
devices  until  it  understands  the  security 
mechanisms  it  needs  to  put  in  place,  he 
says. 


Apple  delivers  SAN  system 


■  BY  DENI  CONNOR 

Apple  announced  last  week  that  it  has 
shipped  a  new  file  system  and  an  upgrad¬ 
ed  server. 

The  Xsan  storage-area  network  (SAN) 
file  system  lets  users  deploy  a  shared  data 
environment  for  their  data  center  or  high- 
performance  computing  environments. 

Xsan  is  a  64-bit  clustered  file  system  for 
Mac  OS  X  that  consolidates  storage 
resources  into  one  shared  environment, 
and  gives  multiple  computers  read/write 
access  to  shared  volumes  in  a  Fibre 
Channel  SAN. 

Xsan  administrative  software  provides 
volume  management,  configuration  and 
remote  monitoring.Administrators  can  set 
quotas  for  users  with  the  Xsan  administra¬ 
tive  tool.  Xsan  can  be  used  in  Windows, 
Unix  and  Linux  environments  when 
deployed  with  ADIC’s  StorNext  File 
System. 

Xsan  starts  at  $999  per  client  and  server. 

The  company  also  upgraded  its  Xserve 
server,  adding  a  faster  processor  and  more 
storage.  The  2.3-GHz  dual-processor 
Xserve  G5  offers  35  gigaflops  of  process¬ 
ing  in  a  lU-high  box.  It  has  as  many  as 


Apple's  Xserve  G5  server  boasts  a  faster 
processor  and  more  storage  than  the  earlier 
version. 


three  400G-byte  drives  for  a  total  of  1.2T 
bytes  of  storage.  The  upgraded  G5  also 
offers  as  much  as  8G  bytes  of  memory  and 
two  64-bit  PCI-X  slots. 

The  Xserve  G5  ships  in  three  configura¬ 
tions:  a  single  2.0-GHz  processor  with  1G 
byte  of  RAM  and  an  80G-byte  drive  costs 
$3,000;  a  dual-processor  2.3-GHz  model 
with  1G  byte  of  memory  and  an  80G-byte 
drive  costs  $4,000;  and  a  cluster-optimized 
Xserve  with  two  2.3-GHz  processors,  5 12M 
bytes  of  memory  and  an  80G-byte  hard 
drive  costs  $3,000.  ■ 


The  director  of  telecom  at  a  large  U.S. 
chemical  company,  who  asked  not  to  be 
named,  likewise  still  is  studying  the 
deployment  of  data-capable  phones.  His 
team  is  considering  what  applications 
need  to  be  provided  on  mobile  devices. 
E-mail  and  Web  browsing  for  executives, 
plus  access  to  management 
systems  for  technical  sup¬ 
port  staff,  are  among  the 
possibilities,  he  says.  He’s 
looking  for  a  high-perfor¬ 
mance  device  with  substan¬ 
tial  storage,  which  raises 
potential  problems. 

“A  phone  is  carried  every¬ 
where,  whereas  a  laptop 
that  an  employee  takes 
home,  stays  at  home’’  the 
telecom  director  says.  Top 
concerns  include  propri¬ 
etary  information  getting 
into  the  wrong  hands  and 
possible  misuse  of  stolen 
company  information  that 
would  put  its  name  in  a  bad 
light,  he  says. 

An  enterprise-class  phone 
might  hold  sensitive  busi¬ 
ness  contacts,  and  invent¬ 
ory  and  sales  information, 
says  Bob  Egan,  president  of  consultancy 
Mobile  Competency.  An  employee  who 
uses  that  phone  at  a  consumer  Web  site 
might  put  that  data  at  risk,  he  says. 

“One  minute  they’re  doing  something 
in  a  very  sanitized  company  environ¬ 
ment,  and  the  next,  they’re  in  a  consumer 
environment,”  he  says.  Operators  of  Web 
sites  often  haven’t  looked  at  potential 
risks  when  translating  them  from  conven¬ 
tional  Web  pages  to  ones  for  mobile 
devices,  Egan  says.  He  says  dangers,  such 
as  viruses,  data  theft  and  denial-of-service 
attacks  will  be  bigger  on  phones  than 


they  are  on  PCs  because  phones  are 
more  often  connected  and  there  are 
more  of  them. 

Many  of  these  devices  also  could  give 
interlopers  a  way  into  a  secure  enterprise 
network  through  VPNs,  Gartner’s  Dulaney 

says. 

To  maintain  control,  com¬ 
panies  are  taking  a  hard 
line,  starting  with  corporate 
policies,  and  want  more 
tools  to  do  so. 

Bearing  Belt  forbids 
employees  to  use  company 
phones  for  personal  calls, 
makes  them  sign  a  contract 
to  that  effect  and  audits 
their  phone  bills,  Philpott 
says. 

The  chemical  company 
telecom  director  expects 
employees  to  use  the 
phones  as  personal  devices 
sometimes,  within  policies, 
but  he  wants  to  apply  the 
same  rules  to  phone  use 
that  are  in  place  for  PCs. 
This  includes  a  policy 
against  downloading  any¬ 
thing  to  the  device  itself,  so 
employees  have  to  keep 
any  personal  content  on  removable  stor¬ 
age.  He  also  wants  itemized  bills  in  order 
to  break  out  personal  use.  Another  mea¬ 
sure  would  be  the  ability  to  erase  or 
encrypt  all  the  data  on  a  device  remotely 
in  case  it  is  lost  or  stolen. 

Dulaney  sees  mobile  device  manage¬ 
ment  moving  in  that  direction. 

“The  company  will  have  to  own  it,  and 
as  such,  they’ll  build  an  image  for  it,  and 
they’ll  manage  that  image,”  Dulaney  says. 

Lawson  is  a  correspondent  with  the  IDG 
News  Service. 


PalmOne's  Treo  is  among  a 
new  breed  of  device  that 
serves  as  a  phone  and  PDA. 
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►  Data  speeds  from 
25Mbps  to  156Mbps 

►  Data  transmission 
from  100m  to  2km 


►  Data  speeds  at  1.25Gbps 
for  Gigabit  Ethernet 
Network  Applications 

►  From  100m  to  1000m 
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When  Stratasys  — a  high-tech  leader  in  rapid  built-in  AutoTracking,  enabled  Stratasys  to 

prototyping— needed  to  expand,  a  four-lane  highway  faithfully  transmit  complex  computer  data  three  quarters 
separating  them  from  their  new  building  prevented  the  of  a  mile  away  to  their  rapid  prototyping  machines, 
use  of  fiber  optics  to  network  their  data.  Their  solution  which  transform  3-D  graphic  designs  into  solid  models, 
was  Free  Space  Optics  and  the  brand  they  chose  was 

Canon.  Canon’s  Canobeam  DT-100  Series,  with  O  e  great  technology  deserves  another! 
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(Above) 

DT-130  photograph 
courtesy  of  Canon  FSO 
integrator  System  Support 
Solutions,  Inc.,  Orono,  MN. 


Find  out  more  at  canobeam.com 

1-800-321-4388  (Canada:  905-795-2012) 
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►  Data  speeds  from 
25Mbps  to  156Mbps 

►  Data  transmission 
from  20m  to  500m 
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We  chose  Canobeam  for  its  active 
optical  (AutoTracking)  connection. 
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The  four-lane  highway  ruled  out  a 
fiber  link,  but  Canobeam  Free  Space 


Optics  was  the  perfect  solution.” 

.  *;  *  ^  Steve  Glen  non 

System  Administrator,  STRATASYS,  Inc. 
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VeriSign.® 

Where  it  all  comes  together. 


Billions  of  times  each  day,  the  world  interacts  with  a  company  you  may  not 
realize  is  there.  One  that  is  driving  dynamic  transformations  at  the  very 
core  of  commerce  and  communications.  VeriSign.  Through  our  Intelligent 
-;v~.  '  Infrastructure  Services,  we  enable  businesses  and  individuals  to  find. 
cdniHet't,  secure,  and  transact  across  today’s  complex  Internet,  telecom, 
and  converged  networks. 

We  operate  the  systems  that  manage  .com  and  .net,  handling  14-billion 
Web  addresses  and  emails  every  day.  We  run  one  of  the  largest  telecom 


Web  addresses  and  emails  every  day.  We  run  one  of  the  largest  telecom 
sighalfng  ndtwdrks  in  the  world,  enabling  services  such  as  cellular  roaming, 

text  miessaging,  caller  ID,  and  multimedia  messaging.  We  manage  network 
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trademarks  of  VeriSign  and  its  subsidiaries  in  the  United  States  and  in  foreign  countries. 


And  we  handle  over  30  percent  of  all  e-commerce  transactions  in  North 
America,  processing  $100-million  in  daily  sales.  As  next-generation  net¬ 
works  emerge  and  converge,  VeriSign  will  be  there,  deploying  the 
Intelligent  Infrastructure  Services  necessary  for  everything  from  RFID- 
enabled  supply  chains  to  inter-enterprise  VoIP  to  mobile  and  rich  media 
content  distribution. 

Whether  you’re  a  telecom  carrier  looking  to  rapidly  deploy  new  services:  a 
Fortune  500  enterprise  needing  comprehensive,  proactive  security  services: 
or  an  e-commerce  leader  wanting  to  securely  process  payments  and  reduce 
fraud,  we  can  help.  We’re  VeriSign.  Where  it  all  comes  together.™ 


www.VeriSign.com 

Download  now:  Free  white  paper  on  Intelligent  Infrastructure  Services 
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Where  IP  and  telecom  unite. 
Where  security  is  offensive,  not  defensive. 
Where  e-commerce  is  safe  commerce. 
Where  content  is  mobile  and  personal. 

Where  infrastructure  is  more  intelligent. 
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E-billing  adopters  find  rewards 

E-billing  gains 

Health  Alliance  Medical  Plans  expects  to  achieve  big  savings  in  its  first 
year  using  Avolent's  BizCast  software.  Here  are  some  specifics  from  an 
early  ROI  tabulation. 


Expense 

Cost  before 
BizCast 

Cost  with 
BizCast 

First-year 

savings 

Reconciliation  and 
dispute  process 

$376,000 

$188,000 

$188,000  or  50% 

Paper  bill  presentment 

$55,000 

$14,000 

$41,000  or  75% 

Manual  check  processing 

$57,000 

$43,000 

$14,000  or  25% 

,  .  • 

Takes 

■  IBM  is  due  to  begin  shipping  its  re¬ 
cently  announced  regulatory  compli¬ 
ance  offerings  for  pharmaceutical, 
biotechnology  and  medical  device 
companies.  The  bundle  —  called  So¬ 
lution  for  Compliance  in  a  Regulated 
Environment  —  combines  document 
and  data  management  capabilities 
with  application  integration,  business 
process  management  and  collabora¬ 
tion  tools.  It's  tailored  for  businesses 
that  have  to  deal  with  regulatory  man¬ 
dates  governing  their  R&D,  manufac¬ 
turing,  and  sales  and  marketing 
processes. 

■  Almost  finished  digesting  People- 
Soft,  Oracle  has  pegged  Jan.  18  as 
the  launch  date  for  its  newly  expand¬ 
ed  company.  Oracle’s  top  executives 
will  lay  out  their  vision  for  the  com¬ 
bined  company  during  the  online 
event,  which  has  been  warmly  titled, 
“Oracle-PeopleSoft  —  Better  Togeth¬ 
er."  Customers  have  the  opportunity 
to  submit  questions  online.  The  Web¬ 
cast  will  be  followed  by  a  series  of 
regional  events,  Oracle's  Web  site 
says.  Oracle  announced  last  week 
that  enough  PeopleSoft  stock  was 
tendered  to  give  it  control  of  the  com¬ 
pany,  although  the  deal  is  still  not  offi¬ 
cially  complete.  Meanwhile,  Oracle 
says  it  plans  to  notify  staff  by  Jan.  14 
about  who  will  be  laid  off  in  the 
merger,  according  to  its  Web  site. 
Oracle  also  reiterated  its  plans  to 
release  new  versions  of  PeopleSoft's 
main  product  lines  and  to  develop  a 
successor  product  suite, 

■  The  Liberty  Alliance  last  week 
named  George  Goodman,  who  is 

the  director  of  Intel's  Visualization  and 
Trust  Lab,  as  the  new  president  of  its 
management  board.  Goodman  has 
been  a  member  of  the  board  since 
Intel  joined  the  Liberty  Alliance  in 
March  2004.  Goodman  succeeds 
Michael  Barrett,  vice  president  of  sec¬ 
urity  strategy  at  American  Express, 
and  will  serve  for  one  year.  The 
Liberty  Alliance,  which  is  developing 
open  standards  for  sharing  network 
identities  across  corporate  bound¬ 
aries,  has  more  than  150  members. 


■  BY  ANN  BEDNARZ 

For  a  company  switching  from  paper  to 
electronic  invoicing  methods,  one  obvious 
savings  potential  is  mailing  costs  —  no 
more  bills  to  print  or  postage  to  purchase. 

But  there  are  a  lot  more  savings  to  be 
gleaned  by  going  electronic,  users  say  For 
Health  Alliance  Medical  Plans  in  Urbana, 
Ill.,  a  key  savings  comes  from  expedited 
dispute  management  processes. 

Because  Health  Alliance  bills  its  corpo¬ 
rate  customers  in  advance,  accurate 
invoices  are  a  rarity  Typically,  corporate 
customers  have  a  change  to  report  —  an 
employee  to  add  to  or  remove  from  their 
health  plan  coverage,  for  example. 

Within  Health  Alliance,  reconciling  these 
changes  used  to  be  a  manual,  time-con¬ 
suming  process.  “In  the  past,  companies 
would  write  in  or  cross  out  people  on  their 
paper  bill,”  says  Traci  Kleinert,  director  of 
billing,  enrollment  and  cash  services  at  the 


■  BY  JOHN  FONTANA 

Microsoft  has  shelved  a  new  security 
component  for  Exchange  Server  2003. 
Instead,  it  will  add  its  piece  parts  to  a  ser¬ 
vice  pack  and  the  next  upgrade  of  the 
server. 

Exchange  Edge  Services,  first  intro¬ 
duced  in  February  2004,  is  a  message 
transfer  agent  (MTA)  that  can  run  at  the 
edge  of  a  network  to  provide  customers 
with  anti-spam,  anti-virus  and  other  mes¬ 
saging  hygiene  and  policy-based  features. 
Edge  Services  was  intended  to  replace 
the  current  message  transfer  agent  in 
Exchange,  which  has  a  dependency  on 
Microsoft’s  Internet  Information  Server 
and  Active  Directory  The  configuration 
can  lead  to  open  ports  on  the  edge  of  net¬ 
works  that  pose  security  risks. 

Edge  Services  was  to  provide  routing 
features  and  serve  as  a  hub  to  plug  in 
third-party  e-mail  security  products  from 
the  likes  of  partners  Network  Associates, 
Sybari,  Symantec  and  Trend  Micro.  It  was 
also  designed  as  a  small  cog  in  Microsoft’s 
Dynamic  Systems  Initiative,  a  common 
management  platform  for  Windows 


benefits  provider.  Inside  Health  Alliance, 
the  accounts  receivables  department 
would  log  that  information  and  pass  it 
along  to  the  benefits  eligibility  department 
for  manual  processing. 

“It’s  those  hand-offs  that  caused  so  much 
time  delays  —  when  multiple  depart- 


servers  and  desktops. 

In  May  2004, Microsoft  said  it  would  ship 
Edge  Services  in  early  2005,  but  in 
November  2004,  the  company  hinted  that 
the  date  was  in  doubt.  In  late  December, 
Microsoft  confirmed  that  Edge  Services 
would  not  ship  as  a  separate  product,  and 
that  some  of  its  features  would  be  inte¬ 
grated  into  Exchange  2003  Service  Pack  2, 
due  in  the  second  half  of  this  year, and  the 
next  release  of  Exchange.  A  ship  date  for 
the  next  version  of  Exchange  has  not 
been  announced.  Last  year  Microsoft 
removed  the  long-awaited  Kodiak  release 
from  its  road  map. 

Edge  Services  also  featured  support  for 
the  SenderlD  framework,  a  sender  authen¬ 
tication  mechanism  that  was  on  track  for 
standardization  but  crumbled  late  last 
year  within  the  Internet  Engineering  Task 
Force.  Problems  with  SenderlD,  which  is 
now  being  revised,  may  have  had  some¬ 
thing  to  do  with  the  delay  of  Edge 
Services,  analysts  say 

“If  Microsoft  could  not  release  Edge 
Services  with  some  sort  of  authentication 
system,  then  that  would  have  [eliminated] 
See  Exchange,  page  26 


ments  wound  up  having  to  pass  around 
information,”  Kleinert  says. 

Today,  account  reconciliation  is  done 
online,  thanks  to  Avolent’s  BizCast  suite. 
The  software  aggregates  eligibility,  billing 
history  and  account  status  information 
from  Health  Alliance’s  back-end  claims 
and  gives  customers  online  access  to  the 
data  so  they  can  modify  rosters,  approve 
invoices  and  resolve  disputes  online. 

With  BizCast,  Health  Alliance  has  cut 
back  on  billing  costs, reduced  billing-relat¬ 
ed  calls  to  its  customer  service  agents, 
and  accelerated  the  payment  process. 

It  puts  customers  in  charge  of  reconcili¬ 
ations,  Kleinert  says.  Customers  can  add 
members  to  their  invoices,  pay  for  those 
members  online  and  drop  members  from 
their  invoices.  The  software  adjusts 
invoice  totals  as  employees  are  added  or 
dropped,  and  customers  can  pay  the 
adjusted  total.“We’re  able  to  see  what  they 
paid,  and  why  they  paid  it,"  Kleinert  says. 

On  the  postage  and  printing  front, 
BizCast  also  saves  Health  Alliance  money 
—  particularly  given  the  size  of  the  com¬ 
pany’s  old  paper  bills.  “The  bills  that  we 
sent  out,  they’re  not  one  or  two  pages, 
they’re  20  or  30  pages,”  Kleinert  says. 

Staging  a  comeback 

BizCast  is  an  example  of  e-billing  soft¬ 
ware,  more  formally  known  as  electronic 
invoice  presentment  and  payment  (EIPP) 
technology  EIPP  products  automate  the 
invoicing  and  payment  process  with  Web- 
based  tools  for  delivering  bills,  moving 
cash  and  reconciling  accounts  among 
business  trading  partners. 

It’s  not  a  new  market:  E-billing  start-ups 
were  a  darling  of  the  Internet  bubble,  uni ; 
the  burst  put  several  out  of  business  or  or 
the  acquisition  block.  Since  then,  it  hasp.’* 
See  Billing,  page  5G 
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The  editors  asked  us  columnists  to 
focus  our  first  column  of  the  new 
year  on  our  predictions  for  the 
future  of  the  corner  of  IT  that  we  each 
cover.  For  me,  that  would  normally  entail 
a  bunch  of  flip  and/or  sarcastic  obser¬ 
vations  of  current  corporate  technologi¬ 
cal  assumptions  and  the  technical  reali¬ 
ties  that  will  stress  those  assumptions  in 
the  next  year  or  two.  But  I  found  it  hard 
to  be  flip  in  light  of  the  earthquake  and 
resulting  tsunamis  in  South  Asia  that 
ended  2004,  so  I’ll  do  the  best  I  can. 

My  first  prediction  is  that  corporations, 
at  least  outwardly,  will  continue  to 
ignore  the  world  around  them.  A  quick 
and  decidedly  non-scientific  survey  of  a 
number  of  the  Fortune  500  corpora¬ 


Predictions  with  the  world  in  mind 


tions’  Web  sites  shows  that,  for  most  of 
them,  it’s  business  as  usual.  Only  a  few, 
including  Microsoft,  Wal-Mart  and  Dell, 
bothered  to  acknowledge  the  South 
Asian  disaster  and  include  links  to  relief 
organizations.  Only  one  that  I 
found,  Apple  Computer,  took 
almost  all  business  content  off 
its  home  page  to  focus  on  how 
people  can  help. 

On  the  positive  side,  I  only 
found  one  site,  (ITT  Industries), 
that  exploited  the  events  to  high¬ 
light  its  own  products  (with  no 
link  for  donations). 

For  what  it’s  worth,  I  think  a  cor¬ 
poration  that’s  not  a  member  of  its 
community  is  not  living  up  to  its 
responsibilities. 

Speaking  of  the  ’Net,  2004  showed  its 
power  in  political  (and  humanitarian) 
fundraising,  in  political  discourse,  in  cor¬ 
porate  and  political  whistle-blowing,  in 
public  investigation  (say  goodbye  to  Dan 
Rather).This  power  will  only  increase  this 


year,  and  in  the  years  to  come. 
Corporations  that  attempt,  as  some  did,  to 
stifle  Internet-based  discussions  of  their 
failings  rather  than  to  focus  on  fixing 
them  will  suffer  the  fate  of  increased 
focus  on  the  failings.  Note  to 
corporate  PR  people:  Treat 
the  inevitable  “YourCompany- 
NameSucks.  com”  Web  site  as  a 
resource  to  hear  what  your  com¬ 
pany  is  doing  wrong  (so  it  can 
be  fixed),  not  as  a  target  for  the 
legal  team. 

By  some  accounts  2004  was 
supposed  to  be  the  year  of  enterprise 
VoIP  and  of  storage  over  IPNeither  quite 
took  off  in  spite  of  the  fact  that  in  both 
cases,  a  full  range  of  products  is  now 
available.  1  doubt  that  2005  will  prove  to 
be  the  year  either.  I’m  sure  there  will  be 
a  number  of  additional  big,  high-profile 
conversions  to  VoIP  and  that  storage 
over  IP  (for  example,  iSCSI)  will  repre¬ 
sent  a  recognizable  fraction  of  the  mar¬ 
ket.  But  I  expect  it  will  be  a  few  years 


before  either  will  be  the  default  path. 

Based  on  an  AOL  report,  maybe  2005 
will  be  a  year  when  spam  reduces  as  an 
issue  (no  thanks  to  the  CAN-SPAM  act). 
It  is  possible  that  2005  will  see  the  aver¬ 
age  rate  at  which  Microsoft  patches  its 
software  will  start  to  exceed  the  average 
rate  of  new  exploits,  but  I’m  not  holding 
my  breath. 

In  any  case,  Internet  governance 
efforts,  user-hostile  mergers,  federal  and 
state  regulators,  law  enforcement 
demands,  open  source  proliferation,  and 
the  forces  of  nature  and  man  will  ensure 
that  2005  will  not  be  boring. 

Disclaimer:  Harvard  is  closing  in  on 
having  had  400  chances  to  make  annual 
predictions,  but  there  has  proven  to  be 
little  science  in  its  effort,  and  the  above 
are  mine,  not  the  university’s  anyway. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information 
Systems.  He  can  be  reached  at  sob@ 
sobco.com. 


Billing 

continued  from  page  25 

been  easy  for  pure-play  EIPP  players  to 
stay  afloat,  Gartner  says.  Many  are  on 
shaky  ground.  In  fact,  Gartner  warns  cor¬ 
porations  to  include  safety  clauses  in  con¬ 
tracts  that  will  let  them  assume  control  of 
systems,  data  and  intellectual  property  if 
their  vendor  goes  out  of  business. 

Nonetheless,  Gartner  describes  today’s 
EIPP  market  as  nascent  but  growing.  The 
research  firm  expects  it  will  become  a 
$500  million  market  by  the  end  of  2010. 


Exchange 

continued  from  page  25 

one  of  the  key  reasons  to  buying  Edge 
Services,”  says  Peter  Pawlak,  an  analyst 
with  independent  research  firm  Direc¬ 
tions  on  Microsoft.  “I  think  Microsoft  real¬ 
ized  that  just  crating  competitive  products 
to  other  [MTAs]  wasn’t  going  to  sell  any 
more  licenses.” 

On  top  of  that,  Microsoft  already  had 
anti-spam  features  in  the  form  of  its 
Intelligent  Message  Filter,  an  anti-spam 
tool  released  in  Exchange  2003  Service 
Pack  l.The  second  version  was  slated  for 
release  in  Edge  Services. 

A  Microsoft  spokeswoman  says  support 
for  the  SenderlD  framework  will  be 
included  in  Exchange  2003  Service  Pack  2 
and  that  message-policy  technology  from 
Edge  Services  will  be  included  in  the  next 
release  of  Exchange. 

“Customers  said  they  needed  help  meet¬ 
ing  regulatory  compliance  requirements, 
and  that  required  additional  development 
time,”  the  spokeswoman  says.“That  placed 
the  delivery  date  of  Edge  Services  close  to 
the  release  date  of  the  next  version  of 
Exchange  Server.  In  its  current  form,  Edge 


According  to  NACHA,  an  electronic  pay¬ 
ments  organization,  more  businesses  and 
consumers  use  electronic  payments  than 
checks.  The  number  of  checks  processed 
by  the  Federal  Reserve  decreased  for  the 
fourth  consecutive  year  in  2003,  dropping 
4.7%  to  15.8  billion  checks.  Meanwhile, the 
Federal  Reserve’s  Commercial  Automated 
Clearinghouse  volume  increased  by 
12.1%  to  5.6  billion  payments. 

One  vendor  eyeing  the  business-to-busi- 
ness  market  is  Siebel  Systems.  Just  a  few 
weeks  ago,  the  CRM  leader  announced 
plans  to  acquire  Edocs,  extending  Siebel’s 


The  Radicati  Group  forecasts 
that  by  year-end 

Exchange  2003  will  have 
49.4  million  users; 
Exchange  2000, 47.8 
million  users,  and 
Exchange  5.5,31.9 
million  users. 


Services  was  not  going  to  meet  the  needs 
of  customers.” 

While  Microsoft  is  now  without  a  formal 
road  map  for  Exchange,  the  company  says 
it  is  working  on  enhancing  calendaring 
features,  e-mail  life-cycle  management, 
mobility  improvements,  Longhorn  server 
and  64-bit  support,  and  integration  with 
Web  services. 

Microsoft  is  working  hard  to  get  users  to 
migrate  from  older  platforms.  Late  last 
year,  the  company  extended  fee-based 
custom  support  to  users  of  Exchange  5.5 
in  an  effort  to  support  those  users  while 
they  migrate.  ■ 


customer  service  platform  to  include 
account  inquiry  and  bill  management 
capabilities.  Edocs  was  among  the  largest 
remaining  independent  EIPP  players,, 
which  also  include  Avolent,  Pitney  Bowes 
and  CheckFree.  Many  of  the  large  ERP 
players,  such  as  SARoffer  some  EIPP  func¬ 
tionality  in  their  suites,  as  do  procurement 
vendors,  such  as  Ariba. 

Getting  the  cash 

Revenue  management,  like  EIPP  is  an 
offshoot  of  ERP  Whereas  EIPP  technolo¬ 
gies  are  focused  on  getting  invoices  sent 
and  paid  electronically,  revenue  manage¬ 
ment  software  is  aimed  at  helping  com¬ 
panies  forecast  and  collect  moneys 
owed. 

Network  Appliance  is  currently  deploy¬ 
ing  revenue  and  receivables  management 
software  from  Aceva  Technologies.  The 
storage  hardware  maker  in  Sunnyvale, 
Calif.,  uses  Aceva’s  technology  to  improve 
its  collections  processes  —  to  automate 
cash  forecasting  and  dispute  resolution, 
for  example. 

Aceva’s  software  integrates  with 
Network  Appliance’s  ERP  system.  It 
aggregates  data  such  as  customer 
quotes,  invoice  information,  purchase 
orders,  shipping  data,  payment  histories 
and  credit  availability  —  information 
that  typically  is  scattered  among  multi¬ 
ple  applications. 

Collections  and  credit  personnel  need 
that  information  to  be  readily  available, so 
they  can  quickly  make  decisions  about 
whether  to  release  a  new  order  or  make  a 
phone  call  to  a  customer.  “Aceva  consoli¬ 
dates  it  for  us,”  says  David  Gondorf,  world¬ 
wide  credit  and  collections  manager  at 
Network  Appliance. 

Timing  is  critical,  Gondorf  says.  Imagine 
a  $1  million  order  gets  put  on  hold 
because  a  customer  account  is  past  due. 


However,  the  check  is  in  transit,  and  only 
a  collector  in  Tokyo  knows  and  has  a  ship¬ 
ping  confirmation  to  prove  it.  If  that  infor¬ 
mation  is  logged  in  Aceva,  the  order  can 
proceed  without  any  obstacles. 

In  the  past,  ironing  out  payment  status 
discrepancies  could  be  an  inefficient, 
time-consuming  process  filled  with 
phone  calls  and  e-mails  among  sales  and 
collections  staff.  “Redundancy  of  ques¬ 
tions  is  a  real  frustration,”  Gondorf  says. 

Along  with  improving  communications 
among  its  global  offices,  a  key  goal  of 
Network  Appliance  is  to  reduce  its  days 
sales  outstanding  (DSO),a  calculation  of 
the  time  that  elapses  between  when  an 
order  is  invoiced  and  when  it’s  actually 
paid. 

“DSO  calculation  is  becoming  more 
and  more  important,”  Gondorf  says. 
“Analysts  on  Wall  Street  now  look  very 
closely  at  the  balance  sheet  to  determine 
the  validity  and  health  of  a  company^ 

By  paying  more  attention  and  establish¬ 
ing  standard  policies  and  procedures  for 
collections  —  strategy  that  includes  the 
purchase  of  the  Aceva  software  — 
Network  Appliance  has  reduced  its  DSO 
from  in  the  70s  five  years  ago,  to  in  the  50s 
today.  Over  the  next  six  quarters,  Gondorf 
hopes  to  get  the  company’s  DSO  down  to 
the  mid^Os. 

Collecting  moneys  faster,  in  turn,  frees 
Network  Appliance  to  invest  more  in 
R&D,  facilities,  and  mergers  and  acquisi¬ 
tions,  for  example.  Gondorf  also  has  been 
able  to  improve  his  DSO  forecasting, 
which  helps  investment  teams  make 
more  informed  decisions  about  what  to 
do  with  incoming  moneys.  ■ 

E-commerce 
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FGC  set  to  auction  more  PCS  licenses 


■  BY  DENISE  PAPPALARDO 

Wireless  service  providers  later  this 
month  will  begin  bidding  untold  millions 
of  dollars  on  spectrum  that  the  FCC  is  set  to 
sell  in  its  third  Personal  Communication 
Services  auction. 

Although  this  auction  is  not  expected  to 


EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


bring  in  the  billions  of  dollars  past  FCC 
sales  have  generated,  analysts  say  this 
spectrum  is  valuable  to  carriers  looking  to 
beef  up  capacity  in  heavily  populated 
areas  such  as  Cleveland,  Denver  and  Los 
Angeles. 

“It’s  an  important  auction,”  says  Roger 
Entner,  an  analyst  at  The  Yankee  Group. 


inevitable  bashing  and  fierce  standards 
wars.  But  make  no  mistake:  Wireless  broad¬ 
band  is  here  at  last. 

3.  MCI  goes  out  of  business.  OK,  not  really 
—  you  network  managers  at  Carlson 
Companies,  Nestle,  Mattel  and  the  other  big 
firms  that  signed  with  MCI  in  the  past  few 
months  can  chill,  at  least  for  a  while.  But 
despite  a  once-stellar  customer  list  and 
world-leading  technology  revenue  contin¬ 
ues  to  decline.  More  ominously  the  com¬ 
pany’s  legacy  of  cobbled-together  networks 
keeps  operational  costs  unnaturally  high 
compared  with  the  competition.  Declining 
revenue  plus  high  operational  costs  spells 
trouble.  So  while  I  believe  MCI  will  survive 
the  year  in  some  form  or  other,  its  long-term 
prospects  are  bleak  —  despite  the  overall 
positive  trends  in  the  telecom  sector  men¬ 
tioned  above. 

4.  The  FCC  gets  serious  about  regulating 
“Internet  dial  tone"  (arrghl).  The 

folks  in  Washington  have  woken 
up  and  smelled  the  coffee  — 
they  finally  recognize  the  irrevo¬ 
cable  shift  toward  IP  networks, 
and  they’re  eager  to  swing  into 
action  and  regulate  the  new 
technology  as  thoroughly  (and 
ineffectively)  as  they  did  the  old  public 
switched  telephone  network. 

5.  Convergence  gets  bigger.  Two  years 
ago,  if  you  were  considering  VoIP  for  your 
business,  you  had  to  justify  it  to  your  boss. 
These  days,  you  have  to  justify  a  decision 
not  to  consider  VoIP  Watch  for  the  conver¬ 
gence  juggernaut  to  continue  gathering 
momentum. 

And  finally  for  readers  wondering  what 
happened  to  the  Eye  on  the  Carrier  2004 
Forecasting  Report  Card:  Stay  tuned.That’ll 
run  in  the  next  issue. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Service  providers  are  keeping  their  plans 
close  to  the  vest,  but  Entner  says  he 
expects  large  wireless  service  providers 
such  as  Cingular  Wireless  and  Verizon 
Wireless  to  be  active  in  bidding  for  licens¬ 
es  in  the  larger  cities. 

There  are  242  PCS  licenses  in  the  1850-  to 
1990-MHz  band  being  auctioned.The  spec¬ 
trum  is  available  in  chunks  of  10  MHz,  15 
MHz  and  30  MHz. 

While  some  carriers  will  be  able  to  move 
into  new  markets  for  the  first  time,  the 
majority  will  look  to  improve  service  in 
cities  where  they  already  offer  service,  says 
Bob  Egan,  president  of  consulting  firm 
Mobile  Competency 

The  FCC  is  in  the  process  of  qualifying 
bidders,  which  were  required  to  make  an 
upfront  payment  by  Dec.  29.The  amount  of 
the  payment  is  determined  by  a  handful  of 
factors,  including  number  of  licenses  a  bid¬ 
der  is  interested  in  winning,  geographic 
region  those  licenses  cover  and  if  the  bid¬ 
der  previously  defaulted  on  a  federal  loan. 
A  10MHz  license  in  Boston,  for  example, 
would  require  a  higher  upfront  payment 
than  a  10-MHz  license  in  Worcester,  Mass., 
because  the  population  in  Boston  is  higher. 

Next  week  the  FCC  is  expected  to  reveal 
all  qualified  bidders.  Although  49  entities 
filed  applications  to  participate  in  the  auc¬ 
tion,  only  22  initially  were  accepted,  pri¬ 
marily  because  the  other  applications 
were  missing  information.  That  number 
could  grow  if  companies  refiled  their  appli¬ 
cations  before  the  end  of  2004. 

It’s  more  difficult  to  determine  which  car¬ 
riers  will  bid  because  the  FCC  is  using  old 
auction  rules  that  let  only  entrepreneurial 
companies  bid  on  the  most  sought-after 
licenses  in  the  most  populated  cities.  This 
was  to  prevent  capital-rich  companies 
from  dominating  the  auctions.  So  instead 
of  directly  bidding  on  a  license,  some  of 
the  largest  wireless  service  providers  have 
created  or  teamed  up  with  smaller  compa¬ 
nies  so  they  can  bid  on  these  Tier  1  assets. 
“The  letter  of  the  law  is  being  observed,  but 
the  spirit  is  not,”  Entner  says. 

For  example,  Sprint  is  affiliated  with  Wire- 
free  Partners  III  and  Verizon  Wireless  is  affil¬ 
iated  with  Cellco  Partnership.  The  largest 
wireless  service  providers  aren’t  the  only 
companies  interested  in  this  spectrum. 
Bidders  include  resellers  such  as  AirGate 
PCS,  a  Sprint  affiliate,  and  small  incumbent 
local  exchange  carriers  such  as  BPS 
Telephone  Company 

The  FCC  held  its  first  PCS  auction  about 
nine  years  ago,  and  the  history  of  these 


Auction  facts 

The  FCC  is  about  to  sell  lucrative 

PCS  licenses.  Here  are  details: 

•  Selling  242  licenses  in  PCS  blocks 
A,  C,  D,  E  and  F. 

•  Bands  span  1850  MHz  through  1990 
MHz^ 

•  49  companies  applied  to  participate 
in  the  auction. 

•  The  FCC  will  reveal  all  qualified 
bidders  next  week. 

•  The  most-coveted  licenses  are  in 
Houston,  Los  Angeles,  Minneapolis 
and  Seattle. 

•  The  auction  is  expected  to  begin 
Jan.  26. 

transactions  has  been  rocky 

Most  notoriously  NextWave  Telecom  bid 
$4.74  billion  on  spectrum  in  the  FCC’s  1996 
auction.  The  firm  defaulted  on  payments 
for  those  licenses  and  later  filed  for  bank¬ 
ruptcy  The  FCC  then  reposed  the  licenses 
and  reauctioned  them  in  2003  for  about 
$16  billion.  But  auction  winners  such  as 
Verizon  Wireless  and  Nextel  never  received 
those  licenses.The  U.S.  Supreme  Court  later 
annulled  that  auction, stating  the  FCC  over¬ 
stepped  its  authority  when  it  reposed  the 
licenses  from  a  company  that  filed  for 
bankruptcy  protection. 

In  a  settlement  deal  last  year  NextWave 
retained  a  portion  of  the  most  lucrative 
licenses.  In  the  same  deal  the  company 
returned  the  majority  of  its  licenses  to 
the  FCC.  NextWave  later  sold  many  of  its 
licenses  to  Cingular  and  Verizon  Wireless  as 
part  of  its  restructuring  plan. 

Although  the  PCS  spectrum  being  auc¬ 
tioned  in  two  weeks  is  expected  to  im¬ 
prove  service  in  certain  markets,  analysts 
say  another  auction  is  more  interesting. 

Late  last  year  the  FCC  announced  plans  to 
auction  off  licenses  in  the  1710-  through 
1 755-MHz  and  2110-  through  2155-MHz 
bands  as  early  as  June  2006.The  FCC  is  call¬ 
ing  these  assets  Advanced  Wireless  Services 
licenses,  and  they  are  designated  for  3G  ser¬ 
vices.  The  federal  government  currently 
uses  the  1710-  through  1755-MHz  bands, 
and  those  users  will  be  moved  to  another 
band  before  the  auction. 

Entner  says  the  new  spectrum  band  s  will 
make  high-speed,  mobile  wireless  data  ser¬ 
vices  more  widely  available.  But  services  in 
these  bands  are  likely  two  yeais  off.  8! 


When  it  comes  to  characterizing  the 
telecom  market  evolution  over  the 
past  few  years,  Jerry  Garcia  and 
friends  said  it  best:  What  a  long,  strange  trip 
it’s  been. 

Hold  on  to  your  hats,  friends,  because  it’s 
about  to  get  stranger  still.  A  glimpse  into 
the  crystal  ball  for  2005  reveals  several  sig¬ 
nificant  trends.  Think  wireless.  Conver¬ 
gence.  And  the  ongoing  cluelessness  of  reg¬ 
ulators  (some  things  never  change). 

Here  are  my  predictions  for  the 
year  ahead: 

1.  The  telecom  sector  re¬ 
bounds.  We’re  not  talking  about  a 
repeat  of  the  1990s  frenzy  —  think 
steady  incremental  growth.  But  all 
signs  are  positive:  Network  man¬ 
agers  consistently  say  they  antici¬ 
pate  significant  bandwidth  growth  over  the 
next  12  to  18  months,  typically  50%  to 
100%.That’s  good  news  for  most  major  ser¬ 
vice  providers  (except  MCI,  see  below) 
and  the  infrastructure  players  that  sell  to 
them  (Cisco, Juniper,  Nortel  and  Lucent). 

2.  Wireless  broadband  emerges.  Forget 
fiber.The  future  of  broadband  local  access 
is  wireless.  But  which  one?  The  ultimate 
winner  might  be  802.16  WiMAX,  high¬ 
speed  packet  download  access,  802.20 
Mobile  Broadband  Wireless  Access,  802.22 
or  some  other  flavor.  It’s  too  soon  to  call 
(that’ll  be  the  topic  of  a  future  column). 
Look  for  services  to  roll  out  in  the  U.S., 
Europe  and  Asia  starting  this  year. We’re  just 
at  the  beginning  of  the  technology  hype 
cycle,  so  the  rollout  will  be  followed  by  the 


Gazing  into  the  crystal  ball 
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test  drive  1&1 


Inside  every  small  business  there's 
a  website  waiting  to  get  out 


Specializing 

in  estate  homes 


Bro  wn 

Simmons 

Realtors _ 

l  Home  I  Local  Listings  I  New  Construction  I  Agents  I  Mortgage  Calculator  I 

Welcome  to  Brown  Sc 

estate  homes  for  over 
tw  o  generations. 

From  new  construction 
to  historic  homes, 
we're  here  to  help  you 
and  vour  family  find 
the  perfect  home. 
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Dear  JKn. 


Welcome  to  fee  Mont*  Update  torn  Brown  1  Simmons.  Realtors.  Thw  moofe.we  have  mom 
really  special  properte*  to  show  you  You  cen  c*a  fee  ofece  «( anytime  to  Maul  more  data** 
on  theta  ksangs 

4  todratm,  3  V2  sttmnttj 

emu  fe  1 M7.  Ms  single  frmfe  home  a touted 
in  a  charming  neighborhood  and  stls  on  I  acre 
oTIand  VWappradmatoy  4.200  square  feet  of 
Wring  space.  tee  home  features  a  targe  deck 
from  the  Wfchen,  large  eat-ln  Wtchen.  femty 
room,  formal  IMng  room.  2  fireplaces, 
hardwood  doors  throughout,  slights,  soaking 
tub  in  fee  matter  barroom,  and  loads  morel 
This  home  is  a  must  seel 


In2site  Live  Dialogue  lets  you  communicate  with 
your  site  visitors  live  and  in  real  time,  making  it  an 
invaluable  tool  for  sales,  support  and  consulting 
professionals  alike. 


With  1&1  WebElements,  you  can  generate  valuable 
feedback  and  collect  qualified  leads  by  adding  template- 
driven  contact  forms,  online  polls,  event  registrations 
and  more  to  your  site. 


The  1&1  Newsletter  Tool  provides  a  cost-effective 
way  to  build  and  maintain  relationships  with  your 
site  visitors.  Create  your  own  mailing  lists,  manage 
recipients'  addresses,  track  results  and  more. 


The  firm's  diverse  technical  staff  deludes  civil, 
mechanical  and  electrca)  erqineers  end  CAD 
tnrJmiriflrs,  nn-site  p'njfwt  r.nnstnjrtinn,  snpf 


HAT  Engineering 


It's  easy! 


I«VT  Crgi nearing  it  an  internationally  reeogmzed 
leader  n  project  englreennc,  conswcton, 
cevelopment  and  financhg'in  many  ndustry 


"I'm  not  a  professional  web  designer,  but 
with  l&l's  included  site-building  tools  I 
was  able  to  create  a  professional-looking 
website  in  a  short  time  and  without  any 
prior  programming  experience.  I  can't 
believe  how  easy  it  was  for  me  to  create 
my  own  high-impact  web  presence!" 

Bruce  Zachary,  Engineer 


It  works! 

"1&1  gives  you  these  great  marketing 
tools  that  help  me  better  communicate 
with  my  customers!  I  can  see  when 
someone  comes  to  my  site  and  converse 
with  them  right  then  and  there!  I  can 
easily  collect  and  manage  my  customers' 
data,  and  I  can  send  e-mail  newsletters 
announcing  special  offers." 

Kelly  Sloan,  Salon  Owner 


It's  free! 


"When  I  heard  about  l&l's  previous 
test  drive  promotion,  I  decided  to  give 
web  hosting  a  try.  Turned  out,  a  website 
was  exactly  what  my  business  needed. 

I  am  able  to  showcase  my  work  and 
attract  new  customers.  Being  able  to 
test  drive  the  package  convinced  me 
to  stay  with  1&1." 

Arthur  Limes,  Carpenter 


T/V ;  m 

Test  drive  the  1&1  BusinessPro  Package  - 
1&1's  most  popular  hosting  plan  -  including 
all  the  professional  tools  you  need! 

/  6  Month  FREE  Trial! 
y  No  Credit  Card  Required! 
y  No  Strings  Attached! 
y  1  Domain  Name  Included! 
y  24/7  Phone  Support! 

1  &1  began  as  a  small  business  some  years  ago,  so  we 
understand  your  needs.  If  you're  ready  to  move  your 
business  online  but  thought  it  would  be  too  difficult 
or  too  large  of  an  expense,  turn  to  1  &1 .  Our  hosting 
solutions  are  turnkey  so  you  don't  have  to  search  for 
the  features  you  need  -  they're  all  included!  Even  the 
design  takes  just  minutes.  And  with  the  business 
packages  starting  at  only  $9.99  per  month,  it  won't 
break  your  budget! 

Now  -  for  a  limited  time  -  you  can  get  online  with 
1&1  with  a  no  obligation,  6-month  test  drive  of 
the  1&1  BusinessPro  Package  -  1&1's  most  popular 
hosting  plan!  Join  the  millions  of  small  businesses  who 
have  already  established  a  successful  online  presence 
with  1  &1 .  Your  free  trial  is  just  a  click  away.  But  hurry, 
this  offer  ends  February  28,  2005! 


What’s  ahead  for  Yonage  in  2005? 
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Cisco/Linksys  touts  residential 
IP  telephony  as  the  next  big 
thing.  A  slew  of  broadband  pro¬ 
viders  from  AT&T  to  Cablevis- 
ion  jump  on  board  to  offer  flat- 
rate  phone  services  with  com¬ 
pelling  new  features.  What's  it 
all  mean  for  the  upstart  that 
started  it  all,  Vonage  Holdings? 
Network  World’s  Net.  Worker 
Managing  Editor  Toni  Kistner 
discusses  the  company's  plans  for  the  new  year 
with  Vonage  Chairman  and  CEO  Jeffrey  Citron. 


Vonage  partnered  with  Viseon  in  an  exclusive  deal  to  offer 
broadband  videophone  service.  How  will  Vonage  succeed 
with  a  product  that's  never  taken  off? 

We’re  working  with  Viseon  to  solve  the  problems 
that  have  plagued  videophones  historically  One  big 
concern  has  been  pricing.  Videophones  have  been 
terribly  expensive,  not  really  approachable  below 
$500.The  other  problem  is  quality  There  just  hasn’t 
been  enough  bandwidth.  But  conditions  in  the  home 
have  changed.  Higher  bandwidth  is  becoming  more 
readily  available,  compression  technologies  more 
advanced.The  quality  of  the  phones  is  now  very 
good,  and  finally  we  think  we  can  bring  down  the 
price  and  make  it  affordable. 

How  will  you  bring  down  the  price? 

We’ll  be  announcing  pricing  details  soon.  But  the 
bigger  question  in  the  video  telephony  world  is  do 
people  really  want  this.  We  think  if  it’s  affordable,  they 
do.  I  guess  we’re  going  to  find  out. 

What  other  hurdles  exist  for  consumer  adoption?  Fewer  than 
800,000  VoIP  consumer  lines  were  installed  in  2004,  accord¬ 
ing  to  In-Stat/MDR.  That's  still  relatively  low. 

Awareness:  It  took  two  decades  before  there  was  a 
cell  phone  in  every  household.lt  wasn’t  just  price  or 
service,  it  just  took  time  to  educate  people.The  good 


news  with  residential  VoIP  is  that  the  adoption  rate  is 
much  faster. We’re  looking  forward  to  a  robust  ’05. 

But  isn’t  the  nature  of  consumer  broadband  (typically  asyn¬ 
chronous)  a  big  barrier?  Download  speeds  might  be  1M  or 
2M  bit/sec,  but  upload  speeds  are  abysmal  for  video,  128K 
bit/sec,  maybe  256K.  Don't  you  need  at  least  51 2K  bit/sec 
uploads  for  decent  performance?  If  I  get  upload  speeds  of 
128K  bit/sec  and  buy  your  product  I'm  going  to  hate  it 

Well,  128K  bit/sec  would  be  a  little  challenging. 

Some  consumers  aren’t  even  aware  what  their  upload 
speeds  are. That  is  an  issue. 

Is  Vonage  doing  anything  to  spur  service  providers  to  offer 
higher  upload  speeds  or  synchronous  service  tailored  to 
videoconferencing  applications?  Isn't  the  success  of  your 
product  riding  on  this? 

We  do  help  by  educating  our  customers  about  band- 
width.The  good  news  is  that  the  industry  is  moving  the 
speeds  up  for  both  uploads  and  downloads,  so  this 
problem  is  sort  of  self-correcting.  Even  so,  there  is  still  a 
lot  of  old  cable  plant  out  there  with  low  speeds,  and 
some  operators  out  there  are  slow  to  replace  it.The 
cable  guys  are  giving  a  lot  more  bandwidth.  Many  DSL 
providers  are  still  running  DSL  1,  which  has  limitations. 

With  big  name  providers  getting  into  the  consumer  IP  tele¬ 
phony  market,  what's  your  strategy  to  gain  market  share? 

My  goal  is  to  be  the  largest  provider,  so  1  have  to 
grow  my  customer  base  faster  than  they  do.  So  far 
Vonage  has  been  able  to  do  this,  particularly  in  the 
fourth  quarter  [of  2004] ,  even  with  Time  Warner  and 
Cablevision  factored  in. 

What's  in  the  company's  future? 

We  don’t  anticipate  being  bought  out.  We’re  definitely 
in  it  for  the  long  haul.  We’re  making  enormous  invest¬ 
ments  in  our  technology  personnel  and  facilities  to 
accommodate  a  long  period  of  growth. 

What  are  your  goals  for  2005? 

To  continue  to  increase  the  number  of  devices  cus¬ 
tomers  can  use  on  our  network.  Initially  we  offered 
one  box  from  Cisco,  then  added  one  from  Motorola. 


Residential  VoIP  vaults 

Between  cable  VoIP  services  and  hosted 
SIP  services  from  Vonage  and  others,  the 
number  of  U.S.  residential  IP  telephony 
lines  is  expected  to  surpass  9  million  by 
2008,  according  to  In-Stat/MDR.  Mean¬ 
while,  the  number  of  small-business  VoIP 
lines  is  expected  to  reach  1.7  million. 

■5  Residential  cable  VoIP  subscribers 

■  Residential  hosted  VoIP  subscribers 

■  Business  users,  combined  cable  and  hosted 
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We  have  four  different  devices  from  Linksys,  devices 
from  Netgear,and  we’re  adding  videophones. We  want 
to  add  newer  kinds  of  devices  from  different  manufac¬ 
turers  so  customers  can  choose  different  ways  to  con¬ 
nect  their  communication  system  to  our  network.That 
means  building  our  adapters  into  cable  and  DSL 
modems,  routers,  access  points,  media  centers.  We  can 
offer  a  more  holistic  approach,  where  one  box  does 
everything,  as  well  as  a  stackable  approach,  where  you 
add  this  thing  to  something  you  already  have.  ■ 


■  Vonage  Holdings  has  announced 
three  partnerships  that  will  let  it  ex¬ 
tend  itsVoiP  offerings.  Vonage  and 
VTech  will  develop  a  5.8-GHz  cordless 
phone  system  that  plugs  into  a  broad¬ 


band  modem  or  router,  eliminating  the 
need  for  a  stand-alone  adapter  and 
phone.  Vonage  and  UTStarcom  will 
develop  a  portable  802.11b  wireless 
handset.  Both  products  are  expected 
to  ship  in  late  spring.  Vonage  and 
Viseon  plan  to  offer  Viseon's  Digital 
Home  Telephone  for  VoIP,  a  broadband 
videophone  with  a  cordless  handset 
that  has  an  integrated  phone  adapter 


with  WAN  and  PC  ports  so  broadband 
connectivity  can  be  shared  without  a 
router.  Pricing  hasn't  been  set. 

■  Linksys  has  announced  a  media 
adapter  that  supports  the  digital 
rights  standard  DTCP-IP,  which  al¬ 
lows  for  the  streaming  of  protected 
premium  content  from  online  services 
over  home  networks.  The  Wireless- 


G  Media  Link  uses  Digital5's  middle¬ 
ware  to  stream  content  to  devices, 
and  it  will  work  with  high-definition 
TVs  and  support  HD  content  when 
available.  Intel  supports  DTCP-IP,  and 
Linksys  recommends  using  an  Intel 
Pentium  4  PC  with  Hyper-Threading 
Technology  on  the  network,  it  is  slated 
to  ship  in  the  spring.  Pricing  has  not 
been  set. 


Identified  Internet  Mail  combats  fraud 


HOW  IT  WORKS 


Sending  domain 


Identified  Internet  Mail 

IIM  is  an  IETF  proposal  that  allows  a  recipient  or  a 
recipient’s  organization  to  authenticate  messages 
and  verify  their  authorization. 

Receiving  domain 
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O  The  sender  domain’s  mail  transfer  agent  (MTA)  or  mail  user  agent  (MUA)  server  signs  a  message  and  inserts 
a  new  header  with  the  user’s  signature  and  the  public  key  used  to  create  it. 

©  The  receiving  domain’s  MTA  or  MUA  verifies  the  legitimacy  of  the  signature  by  checking  the  public  key  included 
in  the  signature  header. 

©  The  receiving  MTA  or  MUA  authenticates  the  key  by  querying  a  key  registration  server  (KRS)  or  DNS  server 
in  the  sending  domain. 

Q  IIM  supports  the  use  of  optional  third-party  reputation  services  to  make  additional  policy-based  decisions 
on! 


■  BY  JIM  FENTON 

The  proliferation  of  spam,  e-mail  fraud 
and  messages  with  malicious  attachments 
is  a  serious  problem  for  businesses  and 
consumers.  While  various  e-mail  filtering 
technologies  can  reduce  the  quantity  of 
spam  that  finds  its  way  to  in-boxes,  spam 
and  virus  senders  still  can  disguise  the  true 
source  of  e-mail  or  make  it  appear  as  if 
messages  came  from  entities  the  recipient 
trusts  —  such  as  a  bank. 

The  Identified  Internet  Mail  (IIM)  specifi¬ 
cation  was  submitted  to  the  IETF  as  an 
Internet  draft  in  July  2004  and  is  under 
review.  IIM  provides  new  protection  that 
can  help  stem  the  tide  of  unwanted  and 
harmful  e-mail.  Compared  with  other  sig¬ 
nature-based  approaches,  IIM  offers  a  more 
reliable  way  to  authenticate  messages  and 
is  designed  to  provide  scalability  for  autho¬ 
rizing  large  numbers  of  public  keys.  IIM 
enables  e-mail  systems  to  confirm  that  a 
sender  is  authorized  to  send  messages 
using  a  specific  e-mail  address  and  that  the 
original  message  has  not  been  altered  by 
an  unauthorized  user. 

In  a  typical  IIM  use,  the  sending  e-mail 
domain’s  outgoing  mail  server,  known 
formally  as  a  mail  transfer  agent 
(MTA), “signs”  the  message  by  inserting  a 
new  header  with  the  sending  user’s  signa¬ 
ture  and  the  public  key  to  be  used  to  verify 
it.  The  key  used  for  signing  the  message  is 
one  that  has  been  authorized  by  the 
domain  administrator  for  the  specific 
e-mail  address  or  for  the  entire  e-mail 
domain.  Alternatively,  a  mail  user  agent 
(MUA),  software  used  by  the  message 
writer  or  reader,  or  mail  submission  agent, 
a  type  of  MTA  that  authenticates  the  mes¬ 
sage  sender,  can  sign  the  message. 


At  the  recipient’s  domain, an  MTA  or  MUA 
uses  the  public  key  included  in  the  signa¬ 
ture  header  to  determine  whether  the 
sender’s  IIM  signature  is  correct  for  the 
message.  The  server  also  queries  the  origi¬ 
nating  domain  to  determine  whether  the 
key  matches  that  of  an  authorized  sender. 
This  query  can  be  to  DNS  records  pub¬ 
lished  by  the  originating  domain  or  to  an 
HTTP-based  server  known  as  a  key  regis¬ 
tration  server,  depending  on  the  deploy¬ 
ment  needs  of  the  originating  domain. 
Based  on  the  response,  the  message  can  be 
sent  to  the  recipient  or  flagged  as  a  possi¬ 
ble  fraudulent  e-mail. 


Keys  used  to  sign  messages  can  be  autho¬ 
rized  for  an  individual  e-mail  address  or  for 
all  addresses  in  the  domain. 

The  receiving  MTA  can  attach  an  optional 
verification  header  that  communicates  the 
results  of  the  verification  process  to  the 
MUA.  This  lets  the  MUA  in  the  receiving 
domain  offload  verification  tasks  to  an 
MTA,  thereby  improving  the  timeliness  of 
verification  and  requiring  less  change  at  the 
user’s  desktop. 

Easy  to  implement,  IIM  mail  signing  is 
compatible  with  current  e-mail  infrastruc¬ 
tures  and  client  software.  Signing  and  veri¬ 
fication  can  be  implemented  by  plug-ins  to 


popular  mail  servers  and  client  software. 

Because  IIM  signing  involves  only  the 
addition  of  a  new  message  header,  receiv¬ 
ing  domains  that  have  not  implemented 
IIM  still  can  receive  IIM-signed  messages. 
And  network  managers  can  deploy  IIM  in  a 
manner  that  lets  a  signed  message  pass  ver¬ 
ification  if  only  insignificant  changes,  such 
as  modifications  to  spacing  or  line  breaks, 
have  been  made  to  the  message. 

With  IIM,  signing  can  occur  at  a  gateway 
or  at  a  mail  client,  which  supports  roaming 
users  or  those  who  use  affinity  domains 
that  do  not  maintain  their  own  MTAs.  IIM 
messages  also  include  a  signed  copy  of 
selected  message  headers,  which  are  often 
changed  in  transit.  If  a  header  has  been 
modified,  the  receiving  domain  can 
replace  the  headers  with  those  from  the 
signature,  alert  the  recipient  or  reject  the 
message. 

Once  IIM  has  verified  a  message’s  origin, 
third-party  reputation  and  accreditation 
services  can  be  used  to  decide  what  addi¬ 
tional  policy-based  actions  to  take  on  mes¬ 
sages.  For  example,  signed  messages 
known  to  be  from  reliable  domains  could 
be  white-listed  to  ensure  that  they  are  deliv¬ 
ered  to  the  recipient. 

Using  IIM,  organizations  will  be  able  to 
detect  when  spammers,  phishers  and  other 
fraudulent  e-mail  senders  are  disguising 
the  true  source  of  their  messages.  Com¬ 
panies  that  adopt  this  proposal  will  be  bet¬ 
ter  equipped  to  help  ensure  the  safety  of 
their  networks,  improve  employee  produc¬ 
tivity  and  reduce  expenses  associated  with 
eradicating  unwanted  e-mail. 

Fenton  is  a  Cisco  Distinguished  Engineer 
and  the  co-author  of  the  IIM  proposal.  He  can 
be  reached  at  fenton@cisco.com. 


Ask 


Dr.  Internet  By  Steve  Blass 

Our  three-PC  network  workgroup  uses  Internet 
Connection  Sharing  (ICS)  to  connect  to  the  ISP 
using  dial-up.  A  Windows  2000  PC  is  loaded  with  a 
PCI  56K  bit/sec  modem.  When  we  select  “on- 
demand  dial”  so  the  other  PCs  can  dial  out  on  it  a 
15-character  password  overrides  the  correct 
saved  password  for  the  dial-up  account  and  no 
authentication  occurs.  It  seems  to  be  a  local  sys¬ 
tem  account  How  do  I  get  the  correct  dial-up  pass¬ 
word  to  not  change? 


You  say  the  ICS  host  fills  in  the  wrong  password 
when  you  choose  “on-demand  dial,"  so  the  first 
thing  to  try  is  to  set  the  password  on  the  logon 
account  that  you  use  on  the  ICS  host  to  match 
the  dial-up  account  password,  and  then  see  what 
happens  when  you  try  to  connect  from  a  client. 
Next,  find  out  if  your  ICS  host  automatically  logs 
on  to  some  particular  account  at  startup,  and  if 
that  account  has  the  same  name  and  password 
as  the  dial-up  account.  Windows  workgroup  net¬ 


working  relies  on  shared  account  names  and 
passwords  among  the  workgroup  computers.  ICS 
relies  on  there  being  a  network  client  active  on  the 
workgroup  computers.  The  Microsoft  Knowledge 
Base  advice  for  ICS  problems  seems  to  be  to 
uninstall  ICS  and  then  re-install  for  a  fresh  start. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.intemet@change 
atwork.com. 
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Dealing  with  hot  spots 
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Mark 

Gibbs 


Welcome  to  another  year  of  Gear- 
head!  As  we  start  planning  a  strat¬ 
egy  to  shed  our  newly  acquired 
padding  we  have  a  couple  of  neat  prod¬ 
ucts  that  arrived  just  before  Christmas 
that  you  might  find  useful  in  the  coming 
year  should  you  look  for  or  find  yourself 
in  a  hot  spot. 

First,  we  have  the  WiFi  Seeker  from 
Chrysalis  Development.  This  2.25-by-1.2-by- 
0.43-inch  key-chain  device  detects  802.1  lb 
and  802.1  lg  signals  at  distances  up  to  300 
feet.  Press  the  button  on  the  device  and  the 
four  LEDs  on  the  front  will  flash  for  about  a 
half-second  if  there  is  a  Wi-Fi  source  within 
range.  It  then  will  display  between  one  and 
four  lights,  depending  on  the  signal 
strength. 

Inside  the  case  there  is  a  tiny  and  fairly 
directional  dipole  antenna  that  makes  the 
WiFi  Seeker  a  useful  access  point  locator. 
The  WiFi  Seeker  is  the  best  gadget  we’ve 
come  across  for  finding  Wi-Fi  hot  spots  and 
yours  for  around  $25. 


Our  second  product  addresses  a  differ¬ 
ent  hot  spot  issue  that  will  be  crucial  to  all 
male  users  of  laptops  who:  a)  actually  use 
their  laptops  on  their  laps,  and  b)  plan  to 
sire  children. The  problem  with  many  lap¬ 
tops  is  that  when  used  on  your  lap,  you 
might  find  you  have  a  personal  hot  spot 
—  in  fact,  some  laptops  get  uncomfort¬ 
ably  hot.  Hence  the  second  problem. 

Now  we  are  sure  you  are  avid  readers  of 
the  prestigious  U.K.  journal  Human  Repro¬ 
duction.  Thus,  you  must  have  seen  in  a 
recent  issue  the  results  of  a  study  titled 
“Increase  in  Scrotal  Temperature  in 
Laptop  Computer  Users,”  by  Dr.  Yefim 
Sheynkin  of  the  State  University  of  New 
York  at  Stonybrook  (for  more  details  go  to 
www.nwfusion.com,  DocFinder:  5332). 

The  study  involved  a  group  of  29  men 
between  the  ages  of  21  and  35.  Sheynkin 
and  his  colleagues  measured  subjects’,  er, 
private  temperature  both  with  and  with¬ 
out  laptops  in  a  room  where  the  tempera¬ 
ture  was  “about  71.6  degrees  Fahrenheit.” 
We  would  have  preferred  the  temperature 
measured  to  at  least  two  decimal  places. 

Apparently  when  the  gentlemen  held 
their  thighs  together  to  balance  a  laptop 
that  was  not  switched  on,  their  lap  tem¬ 
peratures  rose  by  about  3  degrees.The  sci¬ 
entists  then  switched  on  the  laptops, 


allowed  the  machines  to  warm  up  for  15 
minutes  and  placed  them  on  the  subjects’ 
laps.  The  gentlemens’  temperatures  rose 
by  just  more  than  1  degree  in  15  minutes. 

Sheynkin  said  that  because  the  body 
needs  to  maintain  a  proper  testicular  tem¬ 
perature  for  normal  functioning, “portable 
computers  in  a  laptop  position  produce 
scrotal  hyperthermia  by  both  the  direct 


heating  effect  of  the  computer  and  the  sit¬ 
ting  position  necessary  to  balance  the 
computer”  Do  we  need  to  point  out  that 
scrotal  hyperthermia  in  men  leads  to 
decreased  fertility?  No,  we  do  not. 

After  one  hour  of  use,  the  surface  tem¬ 
perature  of  the  laptops  rose  from  around 
88  degrees  to  nearly  104  degrees,  and  for 
the  gentlemen  the  temperature  rise  was 
on  average  4  degrees  on  the  left  of  the 
scrotum  and  5  degrees  on  the  right.  Who 
could  have  guessed? 

So  all  you  laptop-using  chaps  planning 
to  start  families  must  be  starting  to  won¬ 


der,  “what  can  I  do?”  Simple,  buy  a  $30 
Laptop  Desk  from  LapWorks  (or  APC’s 
stand,  below). 

The  Laptop  Desks  will  not  only  reduce 
the  risk  of  scrotal  hyperthermia  as  proved 
by  a  thermal  study  conducted  by  the  Cali¬ 
fornia  Polytechnic  University  at  Pomona 
(see  details  at  DocFinder:  5333),  they  will 
also  allow  you  to  sit  in  a  better  posture. 


When  not  defending  your  lap,  the 
Laptop  Desks  can  be  folded  into  a  wedge 
shape  that  places  the  laptop’s  keyboard  at 
a  more  ergonomic  typing  angle  and 
improves  non-lap-based  cooling. 

We  tried  the  Laptop  Desk  Version  2.0 
and  the  new  Laptop  Desk  UltraLite  that  is 
thinner,  lighter  and  designed  specifically 
for  road  warriors  using  notebooks  of  5 
pounds  or  less.  In  both  cases,  our  posture 
was  much  better  and  we  were,  shall  we 
say,  personally  much  cooler. 

Hot  tips  to  gearhead@gibbs.com. 


The  problem  with  many  laptops  is  that  when  used 
on  your  lap,  you  might  find  you  have  a  personal  hot 
spot — in  fact,  some  laptops  get  uncomfortably  hot. 


Soul  fools  Solving  Gearhead’s  ‘hot  spots’ 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


While  Gearhead  is  off  reading  his  prestigious  jour¬ 
nal,  we  have  another  answer  that  will  cool  down 
your  personal  “hot  spots.”  The  Ergonomic  Mobile 
Computing  Stand  has  the  ability  to  reduce  the  risk  of,  as 
Gearhead  says,  scrotal  hyperthermia  and  keep  your  lap¬ 
top  from  overheating. 

The  scoop:  Ergonomic  Mobile 
Computing  Stand  and  Optical 
Travel  Mouse,  from  APC,  about  $50 
($30  for  the  stand,  $20  for  the 
mouse, sold  separately). 

What  it  does:  The  Ergonomic 
Mobile  Computing  Stand  is  basi¬ 
cally  a  piece  of  plastic  that  you  APC’s  Ergonomic 
can  put  your  notebook  on  to  help  Mobile  Computing 
cool  the  system  (by  raising  it  off  Stand  lets  air  flow 

the  desk  or  other  surface  airflow  under  a  laptop  t0  he,p 
the  desk  or  other  surface,  airflow  eHminate  the  -hot  leg- 

helps  keep  the  system  from  get-  syndrome. 

ting  too  hot). 

The  stand  includes  rubber  pads 
that  keep  the  stand  from  slipping,  an  extendable  mouse 
pad  that  pops  out  to  provide  a  solid  surface,  and  re 
tractable  legs  that  tilt  the  stand  for  use  on  a  desk. 

The  Optica!  Travel  Mouse  is  a  two-button  mini-mouse 
with  a  scroll  wheel  that  has  a  retractable  cable  for  easier 
storage. 

Why  it’s  cool:  The  device  will  please  travelers  who  like 
to  use  their  laptops  while  sitting  on  a  hotel  bed  or  in  an 


airport  to  alleviate  what  we  prefer  to  call  “hot  leg”  syn- 
drome.The  stand  helps  eliminate  that  effect  and  provide 
a  more  solid  surface  for  the  mouse. The  retracting  cable 
on  the  optical  mouse,  as  well  as  the  light  weight  of  the 
notebook  stand,  make  this  a  no-brainer  to  bring  along 
on  trips. 

The  price  seems  a  bit  high  for  a  basic  piece  of  plastic, 
but  for  road  warriors  concerned  with  their  fertility  it’s  a 
small  price  to  pay 

Grade:  ★★★V  (out  of  five) 

The  scoop:  QL-500  Label  Printer,  from  Brother,  about  $100. 

What  it  does:  The  QL-500  connects  to  a  PC  via 
USB  cable  and  included  software  lets  you 
create  labels, such  as  address  labels,  name 
tags  or  whatever  else  you  can  imagine 
that  would  work  on  a  sticker. 

The  printer  prints  out  labels  one  at  a  time, or 
you  can  print  out  multiple  labels  during  one  ses¬ 
sion.  The  system  comes  with  its  own  label  design  soft¬ 
ware,  or  you  can  print  labels  directly  from  Word,  Excel  or 
Outlook.  The  compact  printer  supports  many  label  styles 
(all  sold  separately),  so  items  such  as  visitor  badges, 
CD/DVD  labels  and  other  odd-shaped  label  sizes  can  be 
produced  through  the  printer. 

Why  it’s  cool:  With  regular  printers  and  sheets  of  labels, 
if  you  don’t  have  a  full  list  of  addresses  you  waste  the 
extra  labels. With  this  printer, you  print  only  the  labels  you 
need,  nothing  else  is  wasted. 

Setup  was  easy,  and  the  software  is  fun  to  play  with 
(especially  loading  up  clip  art  and  creating  fake  labels). 

Grade:  irkici 


from  IOGear,  about  $350. 

What  it  does:  An  “ultraportable”  external  hard  drive,  the 
Ion  portable  hard  drive  offers  40G  bytes  of  storage  and  can 
connect  to  a  PC  or  Macintosh  over  USB  2.0  connections  or 
FireWire.The  device  includes  a  DC  power  adapter,  back-up 
software  (Dantz  Retrospect),  carrying  case  and  a  built-in 
belt  clip  so  you  can  carry  your  hard  drive  with  you. 

Why  it’s  cool:  Transferring  large  batches  of  files  was 
extremely  easy  with  this  device.  We  just  plugged  it  in, 
attached  the  cable  to  our  computer  and  the  drive  mount¬ 
ed  as  an  additional  drive  (two  separate  volumes  are  pre¬ 
formatted  for  you). 

This  was  useful  in  transferring  all 
our  music  files  from  a  Windows 
XP  PC  to  a  new  Apple 
iBook  G4  notebook  be¬ 
cause  we  could  use  the  USB 
2.0  cable  on  the  PC  and  then 
switch  to  the  FireWire  cable  for  the 
Apple  transfer. 

We  transferred  264M  bytes  in 
about  20  seconds,  and  the  rest 
of  the  music  collection  (about 
5G  bytes)  transferred  in  about 

6  minutes.  The  ports  were  clearly  labeled  to  let  you  know 
where  cables  went. 

We  also  were  impressed  with  the  drive’s  size  —  carrying 
around  40G  bytes  of  storage  has  never  been  easier  or  cool¬ 
er  to  do,  especially  with  the  attached  belt  clip.  Having  USB 
2.0  also  helps  immensely  as  it’s  the  difference  between  a  72- 
minute  file  transfer  (over  USB  1.1)  and  a  4-minute  transfer. 

Grade:  ★★★★ 


IQGear’s  Combo  Ion  bard 
drive  let  us  transfer  2S4M 
bytes  from  a  PC  to  a  note¬ 
book  in  about  20  seconds. 


The  scoop:  1. 8-inch  Combo  Ion  hard  drive,  40G  bytes,  Shaw  can  be  reached  at  kshaw@nww.com. 
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ON  TECHNOLOGY 

Network  World  Staff 

Ten  predictions  for ’05 

Last  week  we  reviewed  our  2004  predictions  (we  only 
got  about  50%  right  this  time  around),  and  now  it’s 
time  to  turn  our  gaze  on  this  new  year. 

•  As  companies  use  component  architectures  to  build 
applications,  operations  headaches  are  beginning  to 
emerge. The  problem:  Simple  components  are  easy  to  build 
and  easy  to  bolt  into  larger  apps,  but  if  the  little  pieces  don’t 
go  through  the  usual  quality  checks  the  process  can  result 
in  a  house  of  cards.  Look  for  companies  to  review  core 
processes  and  reach  for  new  tools. 

•  The  utility  computing  vision  will 
require  standardizing  on  management  ^ 
tools  from  a  single  vendor,  or  a  strategic 
set  of  five  or  fewer  vendors  with  integrat¬ 
ed  wares.The  big  management  guns  — 

CA,  BMC,  HP  and  IBM  —  recognize  that  and  went  on  an 
acquisition  binge  last  year.  Now  they’re  teaming  with  players 
like  Cisco.  Expect  more  acquisitions  and  partnerships. 

•  An  increasing  awareness  of  the  dangers  of  spyware  will 
distinguish  2005  as  the  first  year  businesses  make  substan¬ 
tial  purchases  for  desktop  protection.  Microsoft  —  which 
just  acquired  anti-spyware  company  Giant  —  will  push 
into  the  market,  while  the  anti-virus  crowd,  including 
McAfee  and  Trend  Micro,  will  make  more  noise  about  their 
new  protection  tools. 

•  With  10G  Ethernet  prices  coming  down  and  bandwidth 
demands  increasing,  10G  Ethernet  adoption  will  take  off  as 
companies  replace  Gigabit  backbones  installed  four  or  five 
years  ago. The  emergence  of  10G  NICs  for  servers  and  stor¬ 
age  systems  also  will  spur  adoption. 

•  LAN  switches  will  take  on  more  tasks  as  vendors  inte¬ 
grate  functions  such  as  IDS,  IPS,  anti-virus,  anti-spam  and 
Wi-Fi.  Also,  look  for  new  switch  entrants  touting  innovative 
switch  designs. 

•  Complying  with  Sarbanes-Oxley  and  other  regulations 
has  been  painful  and  time-consuming.  Companies  are 
looking  for  ways  to  automate  the  compliance  process. 

Look  for  new  tools,  even  new  vendors,  to  emerge. 

•  Consolidation  comes  in  waves,  so  expect  the  recent 
Symantec/Veritas  and  Sprint/Nextel  deals  to  create  ripples 
in  those,  and  adjacent,  markets.  Not  all  of  the  resulting 
activity  will  make  sense. 

•  Huge  VoIP  deals  were  signed  in  2004,  and  these  won’t 
backfire  like  some  of  the  earlier  deals  (remember  Merrill?). 
Look  for  more  major  contracts  and  the  big  carriers  to  roll 
out  significant  IP  Centrex  services. 

•  The  open  source  movement  got  a  boost  from  the  suc¬ 
cess  of  FireFox  last  year.  Look  for  that  to  ignite  interest  in 
still  other  open  source  applications.The  movement  isn’t 
just  about  Linux  any  more. 

•  Wi-Fi  is  easy  and  handy,  but  shared  10M  bits/sec  pipes 
just  don’t  cut  it. Vendors  are  roiling  out  pre-802.1  In  100M- 
plus  bit/sec  products,  but  early  tools  won’t  be  interoperable 
and  won’t  comply  with  the  ultimate  Wi-Fi  standard,  which 
isn’t  expected  to  be  ratified  for  a  few  years.That  won’t  stop 
the  marketing  machines. 


opinions 
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Better  billing  needed 

Regarding  the  story  “Carriers  jump  into  auditing” 
(www.nwfusion.com,  DocFinder:  5323):  It  is  almost 
laughable  that  carriers  are  trying  to  “sell”  the  cus¬ 
tomer  an  accurate  invoice.  An  inaccurate  bill  is  a 
breach  of  confidence  between  the  customer  and 
supplier  that  the  supplier  should  work  diligently  to 
resolve.  When  the  inaccuracy  becomes  the  normal 
course  of  business  for  the  supplier,  it  is  simply 
unethical. 

Telecom  customers  spend  considerable  time 
and  money  to  uncover  carrier-billing  errors,  so 
shouldn’t  the  customer  charge  the  vendor  for  the 
costs  of  incorrect  bills?  Carriers  that  are  penal¬ 
ized  for  the  errors  would  be  motivated  to  issue 
correct  invoices  the  first  time.  It  surprises  me  that 
this  has  not  turned  into  an  issue  for  a  state  attor¬ 
ney  general. 

Some  vendors  have  taken  a  “catch  me  if  you 
can”  approach  to  this  problem.  Gartner  analyst 
Eric  Goodness  has  observed  that  “12%  to  20%  of 
telecom  charges  are  in  error,  and  85%  of  the  errors 
are  in  the  carrier’s  favor”  (see  DocFinder:  5324). 
His  observation  is  consistent  with  my  company’s 
experience,  but  we  also  have  noted  that  the  15% 
of  the  errors  in  our  favor  are  trivial  in  actual  dol¬ 
lars  compared  with  the  dollars  in  the  carrier’s 
favor. 

One  of  my  company’s  wireless  vendors,  which 
was  mentioned  in  the  story,  begrudgingly  issues 
us  credits  on  every  invoice  —  at  a  rate  of  hun¬ 
dreds  of  thousands  of  dollars  per  year  —  but 
only  when  we  catch  the  errors.  Although  the 
errors  this  carrier  makes  are  predictable,  the  car¬ 
rier  shows  no  intention  of  correcting  the  root 
causes.  1  can’t  bring  myself  to  accept  that  they 
are  going  to  “do  better"  when  I  subscribe  to  their 

E-mail  letters  to  jdix@nww.  com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  uerihcation. 


correct  invoicing. 

Trusting  the  carriers  to  “find”  the  errors  that  they 
have  failed  to  correct  over  the  years  is  counterintu¬ 
itive  to  me.  Carriers  simply  need  to  issue  correct 
invoices,  minimizing  the  need  for  telecom  audit¬ 
ing.  If  the  vendors  want  to  gain  the  trust  of  the  com¬ 
panies  they  are  supposed  to  service,  accurate 
billing  is  a  great  place  to  start. 

Eric  Reibsane 
Willow  Grove,  Pla. 

Criminal  motivation 

I  am  happy  to  see  more  coverage  of  computer 
criminals  and  their  motivations,  such  as  your  excel¬ 
lent  collection  of  stories, “Profiling  cybercrime:  Net¬ 
work  threats  and  defense  strategies”  (DocFinder: 
5325).  We  need  to  know  our  enemies  in  order  to 
defend  ourselves  from  them. 

However,  I  doubt  that  any  of  your  authors  or  quot¬ 
ed  experts  have  ever  interviewed  or  studied  real, 
live  cybercriminals.  If  they  had,  they  might  have 
guessed  that  the  most  common  motivation  is  not 
money  as  stated  in  the  story.  I  found  that  the  most 
common  motivation  among  the  200  cybercrimi¬ 
nals  that  I  have  interviewed  and  studied  starting  in 
1967  is  attempting  to  solve  intense,  unsharable,  per¬ 
sonal  problems.  Sociologist  Donald  Cressey  also 
reached  this  conclusion  among  300  white-collar 
criminals  that  he  interviewed  in  prisons. 

This  finding  has  made  confidential  personal  prob¬ 
lem-solving  advisory  services  for  employees  and 
management  one  of  the  most  important  (and  soci¬ 
ally  redeeming)  network  and  computer  security 
safeguards  that  I  have  recommended  to  most  of  the 
250  clients  that  I  have  advised  on  security  during  the 
past  35  years. 

Donn  Parker 

Certified  Information  Systems  Security  Professional 

RedSiren 
Los  Altos,  Calif. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder;  5321 


USER  VIEW 

Chuck  Yoke 


In  A  Tale  of  Two  Cities,  Charles  Dickens 
famously  describes  life  in  18th  century 
Paris  and  London  as  “the  best  of  times  . . . 
the  worst  of  times.”  Even  though  the  similari¬ 
ties  between  18th  century  Europe  and  21st 
century  America  are  few,  my  recent  experi¬ 
ences  with  DSL  also  can  be  described  as  the 
best  of  times  and  the  worst  of  times. 

The  worst  of  times  has  been  my  experience  with  carrier-provided, 
business-class  symmetric  DSL  (SDSL).  In  order  to  provide  a  less  costly 
connectivity  option  for  smaller  locations,  my  organization  developed  a 
VPN  service  that  uses  SDSL.  We  chose  SDSL  to  provide  a  higher  level  of 
service  than  residential  asymmetric  DSL  (ADSL)  offers. 

The  SDSL  service  is  provided  through  a  national  carrier.  Many  com¬ 
petitive  local  exchange  carriers  (CLEC)  deliver  the  actual  service, 
but  the  carrier  manages  the  vendors.  However,  because  the  carrier 
does  not  own  the  DSL  infrastructure, the  service  levels  have  been  less 
that  stellar. 

All  problems  have  to  go  through  the  carrier  first,  which  extends 
the  target  mean  time  to  repair  (MTTR)  to  48  hours  (vs.  the  24-hour 
target  the  CLEC  provides).  While  48  hours  of  downtime  is  bad 
enough,  the  48  hours  is  allocated  into  eight-hour  “chunks”  Monday 
through  Friday,  thus  increasing  the  target  MTTR  to  six  business 
days. 

Granted,  many  problems  are  resolved  much  more  quickly,  but  we 
have  had  multiple  instances  of  outages  lasting  from  six  to  10  busi¬ 
ness  days.The  impact  on  the  profit  and  loss  of  the  affected  locations 


DSL:  The  best  (and  worst)  of  times 


has  been  significant  and  we  are  currently  developing  temporary 
dial-up  solutions  to  avoid  a  catastrophic  loss. 

The  carrier’s  inability  to  provide  higher  service  levels  has  created 
an  unforeseen  risk  to  my  company’s  revenue  stream. This,  combined 
with  frustrated  users,  has  made  my  experience  with  SDSL  “the  worst 
of  times.” 

At  the  opposite  end  of  the  spectrum  is  my  experience  with  LEC- 
provided  residential  ADSL.  The  LEC  owns  the  entire  infrastructure, 
including  the  local  loop,  and  my  service  has  been  close  to  being  the 
“best  of  times.” 

There  were  a  few  problems  initially,  but  they  mainly  involved  a 
newly  retrofitted  digital  loop  carrier  in  my  subdivision  and  were 
resolved  within  12  hours.  After  the  first  few  weeks,  my  service  has  sta¬ 
bilized  and  I  have  not  experienced  any  problems.  And  I  am  paying 
one-fourth  the  cost  of  business-class  SDSL  and  getting  twice  the 
bandwidth. 

From  my  recent  experience,  carrier-provided,  business-class  DSL 
appears  to  be  an  over-rated  and  overpriced  service  that  does  not 
bring  the  value  to  justify  the  added  cost. The  value  of  DSL  —  higher 
bandwidth  at  a  lower  cost  —  can  best  be  offered  by  the  LECs  that 
own  the  entire  infrastructure  and  can  resolve  problems  in  a  timely 
manner.  It  might  require  working  with  multiple  providers  to  get  the 
coverage  required,  but  it  is  worth  the  effort  to  have  the  best  of  times 
with  DSL. 


From  my  recent 
experience, 
carrier-provided, 
business-class 
DSL  appears  to 
be  an  over-rated 
and  overpriced 
service . . . 


Yoke  is  director  of  business  solutions  engineering  fora  corporate  net¬ 
work  in  Denver.  He  can  be  reached  at  ckyoke@yahoo.com. 


ABOVE  THE  CLOUD 

James  Kobielus 


ML  is  here  to  stay,  having  become  the 
standard  markup  syntax  for  most  new 
i  Web  services  protocols,  formats  and  in¬ 
terfaces,  such  as  Simple  Object  Access  Proto- 
col.The  flood  of  XML  on  networks  will  contin¬ 
ue  to  grow,  whether  or  not  IT  professionals  are 
prepared. 

Traditionally  XML’s  biggest  disadvantage  has  been  its  bloated,  ASCII- 
text-based  encoding,  which  requires  that  you  send  considerably  more 
bits  than  in  non-XML  binary  data  transfers.  Companies  can’t  address 
XML’s  bandwidth  consumption  issues  effectively  without  universal  stan¬ 
dards  that  describe  how  this  content  can  be  encoded  in  binary  for¬ 
mats.  Fortunately,  the  industry  has  made  notable  progress  in  this  area. 

One  approach  is  to  rely  on  various  industry  specifications  that  use  an 
XML-based  SOAP  message  as  a  manifest  for  describing  binary  data  files 
within  SOAP’s  surrounding  HTTP  packet.  SOAP  with  Attachments 
(SwA)  and  Microsoft’s  Direct  Internet  Messaging  Extensions  (DIME) 
transmit  opaque,  non-textual  data  —  such  as  images  and  digital  signa¬ 
tures  —  along  with  an  XML  document.  But  they  don’t  support  binary 
encoding  of  all  content  within  XML  documents. 

Neither  SwA  nor  DIME  has  achieved  broad  adoption  within  the  in¬ 
dustry.  Recognizing  the  critical  need  for  a  consensus  standard  for  com¬ 
pact  XML  encodings,  the  World  Wide  Web  Consortium  (W3C)  has  de¬ 
veloped  new  candidate  recommendations  for  binary  encoding  of  XML 
within  SOAP  1.2  payloads:  SOAP  Message  Transmission  Optimization 
Mechanism  (MTOM)  and  XML-binary  Optimized  Packaging  (XOP).The 
W3C’s  XML  Binary  Characterization  Working  Group  has  released  the 
first  public  working  draft  of  its  “XML  Binary  Characterization  Proper¬ 
ties”  document,  describing  properties  desirable  for  MTOM,XOP  or  any 
other  serialization  of  the  XML  data  model. 

MTOM  and  XOP  have  much  broader  vendor  support  than  any  prede¬ 
cessor  specification  for  XML-to-binary  serialization.  MTOM  and  XOP 
describe  how  to  produce  optimized  binary  encodings  of  XML  content 


Taming  the  XML  beast 


within  SOAP  1.2  payloads.  MTOM  and  XOP  preserve  one  of  XML’s  great 
strengths:  the  transparency  of  the  tagged,  logical  data  structure  that  a 
particular  document  implements. 

For  any  given  XML  document,  MTOM  and  XOP  preserve  its  logical 
transparency  structure  by  encoding  that  structure  in  a  text-based  “XML 
Information  Set”  manifest,  while  allowing  any  of  the  document’s  con¬ 
tents  to  be  serialized  to  any  binary  encoding.  In  particular,  these  specifi¬ 
cations  support  binary  encoding  of  XML  content  as  Multipurpose 
Internet  Messaging  Extensions  Multipart/Related  body  parts  and  encap¬ 
sulation  of  those  parts  —  along  with  the  associated  XML  Information  Set 
manifest  —  within  SOAP  1 .2  envelopes.The  specifications  also  describe 
how  to  encapsulate  binary-encoded  XML  body  parts  directly  within 
HTTP  packets  (in  cases  where  SOAP  doesn’t  enter  the  equation),  there¬ 
by  reducing  the  size  of  XML  files  for  transmission  and/or  storage. 

One  limitation  of  MTOM  and  XOP  is  that  they  only  can  be  used  to  de¬ 
fine  hop-specific  encoding  contracts  between  adjacent  nodes  within 
an  XML/SOAP-message-handling  transmission  path. The  specifications 
don’t  describe  how  to  define  global  XML-encoding  optimization  poli¬ 
cies  that  apply  across  any  arbitrary  number  of  XML/SOAP-handling 
intermediary  nodes  —  an  important  requirement. 

It’s  important  to  note  that  MTOM  and  XOP  aren’t  yet  ratified  W3C  stan¬ 
dards  and  that  few  commercial  implementations  exist.  Companies  that 
want  to  base  their  XML-optimization  strategy  on  these  specifications 
might  have  to  wait  a  few  years  before  they  are  implemented  broadly  in 
commercial  application  platforms,  middleware  environments  and 
development  tools. 

But  the  industry  momentum  behind  MTOM  and  XOP  is  strong.  By  the 
end  of  this  decade,  IT  professionals  everywhere  will  rely  on  these  effi¬ 
cient  encoding  schemes  to  tame  the  XML  beast. 


The  industry 
momentum 
behind  MTOM  and 
XOP  is  strong. 


Kobielus  is  an  independent  IT  consultant  and  analyst  based  in  Alex¬ 
andria,  Va.  He  can  be  reached  at  (703)  924-6224  or  james_kobielus@ 
hotmail.com. 


reater  bandwidth, 
continuous  innovation, 


plus  compelling  cost  efficiency  make 
Ethernet  the  technology  of  choice  for 
enterprise  and  service  providers  alike. 
Foundry’s  Metro  Ring  Protocol 
(MRP)  takes  Ethernet  to  a  whole 
new  level  enabling  the  creation  of 
highly  scalable,  resilient,  fast 
converging  Ethernet  rings. 

Relying  on  an  intuitive  Ring  Hello 
mechanism,  Foundry’s  patented  MRP 
is  unique  in  its  ability  to  eliminate 
loops  in  ring  based  networks,  offering 
unprecedented  flexibility  in  ring 
interconnection,  and  offering  rapid 
sub-second  convergence  in  case  of 
link  or  device  failure.  The  Virtual 
Switch  Redundancy  Protocol  (VRSP) 
complements  MRP  by  providing 
redundant  interconnection  to  the 
backbone  and  default  gateway 
redundancy  for  edge/distribution 
layer  devices. 
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FOUNDRY 

NETWORKS 

The  Power  of  Performance™ 


** One  of  the  key  problems  in 
running  Layer  2  Metropolitan 
Area  Networks  is  the  need  for 
rapid  reconfiguration  if  outages 
.*»  occur.  Foundry’s  MRP  offers  the 
simplicity  of  Ethernet  combined 
with  SONET-like  rapid  failover, 
and  allows  service  provider  to 
take  advantage  of  the  low  cost 
and  simplicity  of  Layer  2 
Ethernet  networks  while  solving 
redundancy  and  scalability  issues .** 

Kent  MacDonald, 
Director  of  Telecom  Operations, 
Toronto  Hydro  Telecom 


chose  Foundry’s  Metro 
solution  because  it  meets  our 
strict  performance  and  reliability 
demands  perfectly  while  assuring 
us  of  the  capacity  and  scalability 
we  require  to  meet  our  future 
needs.  Foundry’s  Metro  Ring 
Protocol  allows  GlobalConnect 
to  guarantee  optical  network 
convergence  and  sub-second 
service  restoration  times.** 

Niels  Zibrandtsen,  CEO, 
GlobalConnect 


MRP  Advantages 

•  EFFICIENT  SIMPLE  CONTROL  OF  ETHERNET  RINGS 

•  RAPID  CONVERGENCE  FOR  HIGH  AVAILABILITY 

•  Cost  Efficient 

•  Efficient  ring  bandwidth  Utilization 

•  superior  scalability,  stability,  and  redundancy 


Example  Metro  Area  Network  (MAN)  Deployment  Scenario 


Example  MRP  and  VSRP  deployment  scenarios  in  both  enterprise  and 
A/LAN  to  build  high-peformance,  high-availability,  and  scalable  networks. 


Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  enterprise  and  Service  Provider  switching,  routing 
and  Web  traffic  management  solutions  including  Layer  2/3  LAN  switches,  Layer  3  Backbone  switches,  Layer  4-7  Web 
switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers. 

For  more  information  please  call:  US/CANADA  1  BB8  TURBOLAN, 

INTERNATIONAL  +1  40B.5S6.  1  700  OR  VISIT  OUR  WEBSITE  AT  WWW.FOUNDRYNET.COM/MRP 


Best  practice,  .. 

practice,  practice 

COBIT  is  a  proven  standard  that  can  help  with 
compliance,  business  accountability  and  auditing. 


1/10/05 ,  NetworkWorld 


Business  objectives 


The  GOBIT  model 

The  34  IT  processes 
defined  in  COBIT  are 
grouped  into  four 
domains  that  align  with 
the  IT  implementation 
cycle. 


I  BY  JOHN  MORENCY 


IN  GENERAL,  IT  EXECUTIVES  IMPLEMENT  BEST 
practices  because  they  need  to  increase  IT  predictability 
and  efficiency,  reduce  support  costs,  improve  customer  ser¬ 
vice  quality  or  meet  regulatory  requirements. 


The  two  most  well-known  standards  —  the  IT  Infra¬ 
structure  Library  (ITIL)  and  the  Control  Objectives  for  IT 
(COBIT)  —  have  existed  for  at  least  10  years,  support  a 
broad  range  of  management  services,  are  sponsored  by 
very  well-respected  organizations  (COBIT  by  the  Inform¬ 
ation  Systems  Audit  and  Control  Organization  and  ITIL 
by  the  IT  Service  Management  Forum)  and  have  been 
implemented  by  thousands  of  organizations  of  all  sizes. 

However,  COBIT  and  ITIL  are  very  different  in  their  ori¬ 
entation,  definition,  classes  of  problems  they  address  and 
the  specific  implications  regarding  “implementation." 

The  COBIT  standard,  which  the  IT  Auditors  Association 
first  released  in  1996,  was  designed  with  business 
accountability  and  auditability  in  mind.  For  example,  a 
frequent  application  of  COBIT  is  control  definition  that 
helps  businesses  comply  with  federal  government  man¬ 
dates,  such  as  the  Sarbanes-Oxley  Act. 

Think  of  a  control  as  a  logical  safety  valve  designed  to 
ensure  that  a  specific  operation  that  supports  the  cre¬ 
ation  of  production  financial  data  executes  as  intended, 
without  introducing  any  erroneous  or  fraudulent  data 
that  could  compromise  the  quality  of  the  company’s 
financial  reporting. 

An  example  is  a  set  of  traceable  (and  auditable)  flows 
across  one  or  more  production  applications  that  reliably 
increase  product  inventory  when  shipments  are  received 
from  suppliers  and  decrease  product  inventory  when  fin¬ 
ished  products  are  shipped  to  customers.  An  example  of 
an  IT  control  is  the  installation  of  anti-virus  software  on 
every  new  desktop  that  is  installed  within  a  specific  facil¬ 
ity,  along  with  the  ongoing  distribution  of  new  virus  signa¬ 
tures  to  each  licensed  desktop. 

IT  control  definition,  testing  and  progress  measurement 
are  task  categories  that  are  natural  COBIT  strengths.The 
COBIT  model  is  very  specific  in  its  definition  of  the 
processes  and  the  auditable  controls  that  need  to  be  in 
place  to  ensure  reliable  and  predictable  IT  processes. 

The  processes  defined  in  COBIT  are  grouped  into  four 
separate  domains  that  align  with  the  IT  implementation 
cycle. They  are:  Planning  and  Organization,  Acquisition 
and  Implementation,  Delivery  and  Support,  and 
Monitoring. 

Each  of  the  34  processes  also  has  its  own  assigned 
number  within  its  parent  domain  for  identification.  For 
example,  Problem  Management  controls  and  their  associ¬ 
ated  metrics  are  the  10th  process  defined  in  the  Delivery 
and  Support  domain,  while  Change  Management  is  the 


Delivery  and 
support 


sixth  process  defined  within 
the  Acquisition  and 
Implementation  domain. 

The  definition  of  each  COBIT  process  also 
clearly  states  the  control  objectives  of  the  process,  the 
critical  success  factors  needed  to  successfully  imple¬ 
ment  the  process,  specific  quantitative  metrics  that  can 
be  used  to  measure  process  quality  improvement  and  a 
process-specific  maturity  model  that  defines  the  process 
functionality  that  progresses  from  predominantly  manual 
to  fully  automated  and  optimized. 

In  addition, process-specific  success  factors  and  quanti¬ 
tative  improvement  metrics  (referred  to  as  the  Key  Goal 
Indicators  and  Key  Performance  Indicators)  are  also 
defined. These  can  be  used  as  part  of  a  continuous 
improvement  process. 

As  defined  by  its  authors,  COBITs  Management 
Guidelines  are  broadly  applicable  to  all  major  product 
segments  (network,  server,  storage,  application  and  desk¬ 
top)  within  the  networked  application  infrastructure. They 
are  also  action-oriented  and  very  relevant  to  addressing  a 
number  of  key  questions  that  often  are  asked  when  the 
focus  is  improving  IT  governance. This  includes: 

•  How  far  should  we  go,  and  does  the  benefit  justify 
the  cost? 

•  What  are  the  indicators  of  good  performance? 

•  What  are  the  critical  success  factors? 

•  What  are  the  risks  of  not  achieving  our  objectives? 

•  What  do  others  do?  How  do  we  measure  and 
compare? 

Specific  guidelines  for  support  process  maturity 
improvement  can  help  answer  some  of  these  questions 
by  providing  an  objective  and  measurable  set  of  criteria 
for  assessing  the  state  of  current  processes,  and  determin¬ 
ing  the  steps  required  to  achieve  and  quantify  measur¬ 
able  improvement. 

GOBIT  vs.  ITIL 

COBIT  and  ITIL  are  more  complementary  than  they  are 
competitive. 

COBIT  focuses  on  the  definition,  implementation, 
auditing,  measurement  and  improvement  of  controls  for 
specific  processes  that  span  the  entire  IT  implementa¬ 
tion  life  cycle.  As  such,  it  is  an  excellent  reference  model 
for  IT  governance  across  the  entire  implementation  life 
cycle. 

The  primary  focus  of  ITIL  is  to  provide  best  practice 
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definitions  and  criteria  for  operations  management.  More 
specifically  ITIL  primarily  focuses  on  defining  the  func¬ 
tional,  operational  and  organizational  attributes  that 
need  to  be  in  place  for  operations  management  to  be 
fully  optimized  in  two  key  categories.These  categories 
are  called  Service  Support  Management  and  Service 
Delivery  Management,  each  of  which  has  a  number  of 
supporting  subcategories. 

The  management  subcategories  for  Service  Support 
Management  include  Service  Desk,  Incident,  Problem, 
Configuration,  Change  and  Release  management,  while 
those  for  Service  Delivery  Management  include  Service 
Level,  Financial,  Capacity,  Service  Continuity  and 
Availability 

Each  subcategory  definition  includes  best  practice  crite¬ 
ria  for  many  areas,  including  organizational  support,  cross 
management  component  integration,  management  report¬ 
ing,  product  capability  implementation  quality  and  cus¬ 
tomer  service  quality 

If  your  goal  is  improving  the  quality  and  measurability 
of  IT  governance  across  the  entire  networked  application 
implementation  life  cycle  or  implementing  a  control  sys¬ 
tem  for  improved  regulatory  compliance,  COBIT  proba¬ 
bly  would  be  a  more  effective  choice. 

On  the  other  hand,  if  the  objective  is  to  continuously 
improve  IT  operations  efficiency  and  IT  customer  service 
quality  ITIL  would  probably  be  the  better  bet. 

However,  one  should  not  look  at  these  comparisons  as 
a  COBIT  vs.  ITIL  analysis.  It’s  important  to  understand  the 
design  center  differences  of  each  approach  and  adapt 
them  as  needed  to  meet  the  specific  requirements  of 
your  own  unique  environment. 

Given  the  substantial  implementation  experience  with 
both  standards  that  exists  in  the  industry'  today, you’ll 
have  plenty  of  peers  to  call  on  for  advice. The  even  better 
news  is  that,  unlike  hardware  or  software  products,  their 
acquisition  cost  is  extremely  low. 

Morency  is  a  managing  director  of  Transitional  Data 
Services,  a  service  provider  in  Hopkinton,  Mass. ,  that  special¬ 
izes  in  IT  orchestration  for  small  and  midsize  companies.  He 
can  be  reached  at  jmorency@transitionaIdata.com. 
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Voice  over  WLAN 


That’s  the  major  conclusion  of  our  first- 
ever  assessment  of  VoIP  capability  in 
WLAN  systems.  Over  the  course  of  three 
months  we  tested  WLAN  switches  and 
access  points  from  Aruba  Wireless  Net¬ 
works,  Chantry  Networks  (now  Siemens), 
Cisco  and  Colubris  Networks  in  terms  of 
audio  quality,  QoS  enforcement,  roaming 
capabilities,  and  system  features.  Other 
vendors,  including  Airespace,  Meru  Net¬ 
works  and  Trapeze  Networks,  declined  to 
participate  (see  “How  we  did  it”  at  www. 
nwfusion.com,  DocFinder:  5326,  for  a 
complete  list  of  invitees). 

Among  our  major  findings: 

•  With  QoS  enforcement  enabled,  the 
products  delivered  near-toll-quality 
audio,  provided  only  voice  traffic  is 
active.  This  is  fine  as  long  as  the  wireless 
network  carries  voice  traffic  only  but 
that’s  not  likely  as  companies  move 
toward  converged  voice-data  networks. 

•  When  voice  traffic  had  to  contend  for 
bandwidth  (even  with  a  little  data  traf¬ 
fic),  dropped  calls  were  common  and 
audio  quality  on  the  remaining  calls  was 
poor  in  many  cases  —  and  this  was  with 
QoS  enforcement  enabled. 

•  With  data  traffic  present,  roaming 
from  one  access  point  to  another  took 
anywhere  from  0.5  to  10  seconds  —  in 
cases  where  roaming  succeeded  at  all. 
These  long  delays  and  dropped  calls 
made  roaming  practically  impossible 
with  some  vendors’  gear. 

While  some  products  struggled  might¬ 
ily  in  our  tests,  Aruba’s  A2400  and  A800 
switches  and  A61  access  points  were 
consistently  strong  performers.  The 
Aruba  products  posted  generally  excel¬ 
lent  numbers,  regardless  of  how  much 


H-vafue  ratings 


Aruba  is  the  top  dog  if  you  want  to  add 
voice  traffic  to  an  enterprise  wireless  LAN 
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oIP  should  be  an  easy  fit  for  wireless  LANs,  but  mixing  the  two  technolo¬ 
gies  today  is  difficult.  Despite  VoIP’s  low-bandwidth  profile,  even  a  small 
amount  of  data  traffic  on  the  same  network  can  lead  to  seriously  degrad¬ 
ed  audio  quality  and  dropped  calls,  even  with  QoS  features  enabled. 


voice  or  data  traffic  was  thrown  at  them. 
Aruba’s  gear  just  worked,  earning  it  the 
Clear  Choice  Award. 

Two  issues  confounded  other  vendors. 
First,  when  handling  voice  and  data  traf¬ 
fic  on  the  same  network,  vendors  need  to 
pay  attention  to  metrics  such  as  delay 
and  jitter  rather  than  forwarding  rates. 

Many  vendors  are  only  just  beginning 
to  tune  their  products  for  voice/data  con¬ 
vergence,  even  though  some  have  touted 
that  capability  for  18  months  or  more. 
However,  it’s  still  relatively  early  days  for 
VoIP  over  WLANs.  Test  tools  that  accu¬ 
rately  measure  these  metrics  on  WLANs 
(such  as  the  VeriWave  instruments  we 
used)  are  only  just  beginning  to  appear, 
and  this  test  is  among  the  first  to  measure 
audio  quality,  delay  and  jitter  in  a 
methodical  way 

Second,  the  emerging  802.1  le  standard 
for  QoS  on  WLANs  might  bring  some 
relief.The  802. 1  le  specification  wasn’t  yet 
ratified  when  we  began  this  project, so  by 
definition  all  QoS  methods  were  non¬ 
standard.  Companies  might  want  to  wait 
until  the  new  802.1  le  specification  and 
products  based  on  it  are  more  mature 
and  fully  tested. 

Measuring  voice  quality  over  wireless 

Our  tests  sought  to  answer  a  simple 
question:  How  does  a  VoIP  over  WLAN 
system  sound? 

To  find  out,  we  worked  with  VeriWave,  a 
start-up  that  makes  WLAN  test  and  mea¬ 
surement  equipment.VeriWave  developed 
a  new  application,  the  VoIP  over  WLAN 
Analysis  Test  Suite,  especially  for  our  test. 

In  addition  to  collecting  delay  and  jitter 
statistics,  VeriWave’s  test  suite  and  Test- 


An  ITU  specification  that  determines  call  quality,  R-value  measures 
packet  loss,  jitter  and  delay. 


R-value 

Mean  opinion  score 

User  satisfaction 

90  or  higher 

4.34  or  higher 

All  users  very  satisfied 

80  or  higher 

4.03  or  higher 

All  users  satisfied 

70  or  higher 

3.60  or  higher 

Some  users  dissatisfied 

60  or  higher 

3.10  or  higher 

Many  users  dissatisfied 

50  or  higher 

2.58  or  higher 

Nearly  all  users  dissatisfied 

Voice  quality  with  and  without  QoS 

Tests  with  six  and  seven  concurrent  calls  make  clear  why  QoS 
enforcement  is  a  must  when  handling  VoIP  traffic  on  WLANs.  Even 
with  QoS  enabled,  audio  quality  (R-value)  suffered  when  VoIP  traffic 
had  to  share  bandwidth  with  data  traffic. 

R-value  (tested  through  one  access  point) 

80 

Near  toll  quality: 

R-value  above  75 


Unacceptable  voice 
quality:  R-value 
below  50 


7  calls,  6  calls, 

with  data  no  data 

_ I  I _ _ 


6  calls,  7  calls, 

with  data  no  data 

—  With  QoS  enforcement  - 


7  calls, 
with  data 


- 

6  calls,  7  calls, 

with  data  no  data 

I - Without  QoS  enforcement  - 

■  Aruba  Chantry  H  Cisco  ffl  Colubris 

All  systems  also  delivered  R-values  around  78  for  a  single  call,  but  because  all  systems  also  put  up 
comparable  scores  for  one  call  even  without  QoS,  we  omitted  the  single-call  comparison  here. 

*  N/A:  Calls  dropped,  could  not  measure  R-value. 


Point  hardware  let  us  measure  R-value,  an 
ITU  specification  (G.107)  for  determin¬ 
ing  call  quality  R-value  is  an  objective 
measurement,  computed  directly  from 
measurements  of  packet  loss,  jitter  and 
delay  While  R-value  is  objective,  it  has  a 
strong  correlation  to  the  subjective  Mean 
opinion  score  method  in  ITU  standard 
P80  (see  R-value  ratings,  left). 

We  measured  voice  call  quality  with  up 
to  14  handsets  and  an  H.323  call  server 
from  SpectraLink,  a  maker  of  802.11 
handsets.  We  measured  audio  quality 
with  up  to  seven  concurrent  calls,  and  in 
some  events  configured  the  VeriWave 
TestFbint  boxes  to  offer  background  data. 
For  each  system  tested,  we  checked  call 
quality  with  QoS  disabled,  then  enabled. 

Audio  quality  without  QoS 

With  QoS  disabled,  we  started  by  rout¬ 


ing  all  calls  through  one  access  point.  Be¬ 
cause  all  the  vendors  recommend  enabl¬ 
ing  QoS  tor  voice  traffic,  this  baseline  test 
gave  us  a  “before”  picture  to  demonstrate 
the  need  for  voice  traffic  prioritization. 

With  QoS  turned  off,  all  four  systems 
tested  did  fine  with  only  a  single  call 
active,  with  R-values  hovering  around  78. 
That  is  about  as  good  as  it  gets  with  VoIP 
over  wireless.  The  threshold  tor  near-toll- 
quality  voice  is  generally  considered  to 
be  around  75,  meaning  the  systems  deliv¬ 
ered  good  audio  quality  for  a  single  call. 

Performance  tor  all  systems  changed 
across  the  board  when  we  placed  six  or 
seven  calls  through  a  single  access,  point 
and  switch,  especially  when  data  traffic 
was  active. Yet  even  without  background 
data,  we  could  not  test  the  Colubris  sys¬ 
tem  with  seven  calls  active  and  QoS  dis¬ 
abled  —  all  the  calls  dropped. 
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When  we  configured  the  TestFbints  to  of¬ 
fer  background  data  (a  stream  of  User 
Datagram  Protocol  [UDP]  packets  at  lM 
bit/sec),  the  results  were  positively  awful 
without  QoS.With  only  six  concurrent  calls, 
R-values  for  all  systems  (except  Aruba) 
were  generally  at  or  below  the  point  where 
voice  signals  were  unintelligible  or  calls 
were  dropped.  Sound  quality  through 
Aruba’s  system  remained  high,  roughly  the 
same  as  with  no  data,  even  without  QoS. 

The  Chantry  and  Colubris  systems  could 
not  perform  the  background  data  test  with 
seven  calls  (QoS  disabled).  All  calls  failed 
as  soon  as  the  VeriWave  box  began  offering 
background  data. 

All  vendors  recommend  the  use  of  QoS 
mechanisms  for  handling  voice  traffic,  even 
when  no  data  traffic  exists.  QoS  is  a  must 
when  handling  VoIP  traffic  over  a  WLAN. 

Adding  QoS  to  the  mix 

We  reran  the  same  five  test  configurations 
as  in  the  non-QoS  cases:  We  measured  one 
call  with  no  background  data,  and  six  and 
seven  calls  with  and  without  the  1M  bit/sec 
background  UDP  traffic. 

We  expected  much-improved  results 
once  we  enabled  QoS,  but  only  Aruba’s  sys¬ 
tem  put  up  consistently  excellent  results  in 
all  the  tests  with  QoS  enforcement.  Even  in 
the  most  stressful  case  (seven  calls  plus 
background  data),  the  Aruba  system  deliv¬ 
ered  near-toll-quality  With  QoS  enabled  on 
the  Aruba  equipment,  there  was  little  differ¬ 
ence  between  the  least  and  most  stressful 
test  scenarios. 

Other  vendors’ QoS  mechanisms  did  little 
to  protect  call  quality  when  background 
data  was  present.  On  the  plus  side,  QoS 
mechanisms  generally  did  an  excellent  job 
when  only  voice  traffic  was  present. 

Audio  quality  improved  for  all  systems  in 
cases  where  we  used  only  voice  traffic.  In 
tests  with  six  and  seven  calls  (no  back¬ 


ground  data),  all  systems  delivered  near¬ 
toll-quality  results  with  QoS  enabled. 

That  changed  when  we  added  the  back¬ 
ground  data.  With  six  calls  and  data  active, 
R-values  fell  below  70  for  the  Colubris 
CN 1250,  meaning  that  “some  users  [would 
be]  dissatisfied”  according  to  the  ITU  R- 
value  specification.The  R-value  was  about 
60  for  the  Chantry  switch  (“many  users 
dissatisfied”). 

Beyond  the  objective  R-value  scores,  we 
did  some  subjective  spot-checking  of  call 
quality  when  data  was  present.  Sure 
enough,  we  heard  echoes,  dropouts  and 
generally  poor  voice  quality  whenever  the 
TestFbints  offered  a  datastream. 

Things  got  worse  for  Chantry  Cisco  and 
Colubris  when  we  tried  seven  calls  plus 
data.  Chantry’s  BeaconMaster  couldn’t 
handle  this  test  case;  all  seven  calls  failed 
when  we  added  data.  Cisco’s  WLSM  posted 
an  R-value  of  about  50,  the  bare  minimum 
level  at  which  calls  are  intelligible.  Further, 
three  of  seven  calls  dropped  during  this  test 
on  Cisco’s  gear.  The  Colubris  CN1250  com¬ 
pleted  the  test,  but  didn’t  forward  enough 
voice  frames  for  the  test  equipment  to  com¬ 
pute  an  R-value  score.  R-value  scores  for 
this  test  were  only  computed  for  the  calls 
that  remained  active  during  the  30-second 
test  (so  in  Cisco’s  case,  it  was  on  four  calls 
instead  of  seven). 

SpectraLink  generally  recommends  a 
maximum  of  six  concurrent  calls  per  ac¬ 
cess  point,  not  the  seven  we  used  in  our 
tests.  Thus,  vendors  might  complain  that 
our  seven-call  scenario  was  an  overload 
test  case.  That  is  valid,  but  only  up  to  a 
point.  First,  the  Chantry  and  Colubris  sys¬ 
tems  had  trouble  even  with  the  recom¬ 
mended  maximum  of  six  calls  with  data. 
Second,  Aruba’s  system  could  handle  the 
seven  calls  with  data  scenario.  Third,  our 
most  stressful  test  came  nowhere  near  over¬ 
loading  the  wireless  medium.  We  offered 


3M  bit/sec  of  traffic  or  less  in  all  tests,  in¬ 
cluding  voice  and  data.That’s  not  even  near 
the  amount  needed  to  saturate  the  wireless 
channel  (see  story  on  wireless  architecture 
remaining  diverse,  DocFinder:  5330). 

It’s  possible  to  run  each  access  point  with 
seven  calls  and  data,  provided  the  system  is 
designed  for  it.  But  doing  so  requires  care¬ 
ful  attention  to  timing  (see  story  right). 

Delay  and  jitter  measurements 

Delay  and  jitter  are  critical  metrics  for  any 
application,  but  are  especially  important 
when  dealing  with  voice  or  video.  When 
delay  or  jitter  rises  to  50  to  70  millisec,  voice 
quality  starts  to  degrade  (see  graphic,  left). 
With  six  calls  and  background  data,  the 
average  delay  measured  below  50  millisec 
for  all  vendors,  but  maximum  delay  and  jit¬ 
ter  shot  up  to  much  higher  levels,  topping 
out  at  more  than  250  millisec  in  tests  of 
Cisco  (six  calls)  and  Colubris  gear  (seven 
calls). 

An  analysis  of  the  logs  produced  by  the 
TestFbints  found  several  reasons  for  the 
voice  quality  degradation. Anytime  jitter  ex¬ 
ceeds  60  millisec,  audio  quality  begins  to 
suffer.  As  the  maximum  delay  and  jitter 
numbers  rose,  R-values  fell  —  and  that’s  for 
the  calls  that  survived  the  30-second  test. 
When  delay  and  jitter  rose  too  high,  the 
calls  simply  dropped. 

Doubling  the  access  points 

So  would  throwing  more  access  points  at 
the  problem  help?  We  re-ran  all  our  tests  on 
two  access  points,  with  half  the  phones 
associated  to  each  access  point. 

With  two  access  points,  the  R-values  were 
generally  much  higher  (see  online  test  re¬ 
sults,  DocFinder:  5327). That  wasn’t  surpris¬ 
ing,  considering  each  access  point  does 
half  the  work  as  in  the  first  set  of  tests. 
Average  delay  also  increased,  which  was 
expected  given  the  additional  component 
in  the  traffic  path. 

While  this  suggests  performance  can  im¬ 
prove  with  more  access  points,  it  also  raises 
several  concerns.  Cost  goes  up,  even  with 
thin  access  points.  Second,  wireless  spec¬ 
trum  is  limited,  and  depending  on  place¬ 
ment,  too  many  access  points  will  interfere 
with  one  another.  Third,  performance  still 
was  not  perfect  with  two  access  points;  we 
had  some  dropped  calls  in  the  presence  of 
background  data. 

With  a  mobile  workforce  you  can’t  pre¬ 
dict  how  many  users  will  try  to  associate 
with  a  given  access  point  at  a  given  time. 
Every  access  point  has  a  saturation  point, 
and  our  results  suggest  that  point  is  rela¬ 
tively  low  when  voice  is  added. 

Roam  if  you  dare 

Mobility  for  voice  is  a  major  driver  for  a 
WLAN  deployment.  Just  as  cellular  phone 
users  move  from  one  coverage  area  to 
another,  so  too  will  WLAN  handset  users. 

We  measured  the  time  needed  for  a  call 
to  migrate  from  one  access  point  to  anoth¬ 
er,  with  both  access  points  attached  to  the 
same  switch. We  also  tracked  R-value, delay 
and  jitter. 

To  force  the  handsets  to  roam,  we  pow- 


Delay  and  jitter  with  QoS 


Delay  and  jitter  are  the  critical  metrics  for  VoIP  traffic.  While  all  systems 
kept  average  delay  relatively  low,  the  big  spikes  in  maximum  delay  and  jitter 
translated  directly  into  poor  voice  quality  or  even  dropped  calls. 

Time  (in  millisec;  tested  through  one  access  point) 

300 

250 
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Average  delay  Maximum  delay  Jitter 

- Six  calls,  with  data - 


Average  delay  Maximum  delay 

- Seven  calls,  with  data  - 


Jitter 
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'Chantry  not  tested;  seven  calls  failed. 


QoS  enforcement 
What  happened? 

Three  of  four  vendors  in  this  test 
failed  to  protect  voice  traffic  in 
the  presence  of  data,  even  using 
QoS  mechanisms  specifically  intend¬ 
ed  to  do  so.  Why  did  these  QoS  mech¬ 
anisms  fail,  even  with  the  vendors' 
best  experts  configuring  them? 

There  are  a  number  of  factors  that 
might  explain  our  results. 

Timing  is  everything.  The  impor¬ 
tance  of  keeping  delay  and  jitter  low 
can’t  be  overemphasized  when  it 
comes  to  voice  traffic.  Some  QoS 
mechanisms  work  in  terms  of  band¬ 
width  and  frame  loss;  if  a  given  traffic 
class  consumes  more  than  a  set 
amount  of  bandwidth,  packets  be¬ 
longing  to  that  class  get  dropped. 
That’s  not  sufficient  for  voice.  Even 
"strict  priority"  mechanisms,  which 
always  service  a  given  traffic  class 
first  regardless  of  the  consequences 
for  other  classes,  only  work  properly  if 
they  receive  high-priority  packets  in 
the  first  place.  That’s  not  so  easy  to 
do  with  802.11  traffic. The  IEEE  proto¬ 
cols  involve  large  amounts  of  man¬ 
agement  traffic  and  also  require  that 
every  data  frame  be  acknowledged. 

At  the  same  time,  the  SpectraLink 
phones  send  out  one  frame  about 
every  30  millisec  and  seem  to  falter 
anytime  four  or  five  packets  in  a  row 
are  dropped.  These  twin  constraints 
make  it  critical  that  wireless  LAN 
(WLAN)  systems  nail  down  the  timely 
delivery  of  as  much  traffic  as  possi¬ 
ble.  In  our  tests,  only  the  Aruba  sys¬ 
tem  did  that. 

It's  not  about  the  bandwidth.  At 
most,  we  threw  less  than  3M  bit/sec 
of  traffic  at  each  system  —  and  that 
includes  both  voice  and  data.  Given 
that  four  vendors  cracked  the  6M  bit/ 
sec  mark  in  last  year's  tests,  the  initial 
suspicions  of  some  vendors  that  we 
simply  overloaded  the  systems  with 
data  doesn't  hold  up.  This  test  empha¬ 
sized  timely  servicing  of  high-priority 
traffic,  not  high  data  rates. 

Access  points  aren't  hot  rods.  The 
typical  "thin  access  point”  consists  of 
a  relatively  modest  CPU,  a  limited 
amount  of  RAM  and  firmware.  By 
itself,  those  components  aren't 
enough  to  ensure  timely  traffic  deliv¬ 
ery.  Instead,  vendors  must  rely  on  pre¬ 
cise  scheduling  mechanisms  in  their 
switches  (as  Aruba  does);  reduce  the 
number  of  concurrent  calls  (which 
improves  performance,  as  we  will  dis¬ 
cuss  in  covering  tests  with  two 
access  points);  or  deploy  voice-only 
WLANs  and  don't  allow  data  clients 
(not  a  practical  alternative  for  most 
corporations). 
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ered  off  the  first  access  point.  This  drew 
objections  from  two  vendors  —  Chantry 
and  Colubris.  Chantry  says  its  roaming 
capabilities  are  designed  for  the  case 
where  a  user  physically  moves  from  one 
location  to  another,  not  when  there’s  a 
power  loss  to  a  given  access  point. 

While  it  is  desirable  to  test  roaming  under 
this  condition,  we  could  not  put  enough 
space  between  access  points  in  our  1 ,200- 
square-foot  lab  for  this  approach  to  be 
practical.  We  considered  using  the  Veri- 
Wave  TestFbint  as  a  noise  generator,  but  re¬ 
jected  that  option  because  it  was  no  more 
representative  of  physical  mobility  than  the 
power-off  test. Also,  loss  of  power  is  a  real  (if 
uncommon)  occurrence;  if  the  access 
point  goes  away  for  whatever  reason,  a 
WLAN  system  needs  to  seamlessly  migrate 
associated  users  to  a  nearby  alternative. 

The  Colubris  CN1250  could  not  be  tested 
by  turning  it  off. The  vendor  handles  mobil¬ 
ity  through  Mobile  IP  which  requires  a 
home  agent  —  the  station  where  a  client 
first  learns  its  IP  credentials  —  to  remain 
active.  If  the  access  point  that  hosts  the 
home  agent  goes  down,  so  does  the  ability 
to  roam.  Cisco  also  supports  Mobile  IP  but 
did  not  use  that  technology  in  our  tests. 

Instead  of  pulling  the  plug  on  the 
CN 1250,  we  tested  roaming  by  disabling  the 
radio  on  the  first  access  point.This  had  the 
same  effect  of  forcing  the  clients  to  roam. 

Colubris  also  requires  a  third  access  point 
to  function  as  a  foreign  agent,  which  relays 
information  about  clients  that  roamed 
back  to  the  home  agent.  For  this  purpose, 
we  used  a  third  Colubris  CN1250  with  its 
antennas  removed;  there  is  no  require¬ 
ment  that  the  foreign  agent  needs  wireless 
connectivity 

As  before,  we  measured  roaming  in  con¬ 
figurations  involving  one,  six  and  seven 
calls,  with  and  without  our  background 
data.  Cisco  has  bragging  rights  in  the  single¬ 
call  case,  with  a  roaming  time  of  0.433  sec¬ 
onds,  and  all  systems  roamed  one  call  in 
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about  0.5  seconds  (see  graphic,  DocFinder: 
5328).  A  half-second  gap  is  noticeable  to 
the  human  ear  —  as  is  any  gap  of  around 
70  millisec  or  more  —  but  except  for  this 
dropout  audio  quality  was  generally  high. 

Aruba  excelled  in  the  roaming  tests.  Its 
average  handoff  times  ranged  from  about 
a  half-second  for  one  call,  to  just  more 
than  1  second  for  the  seven-calls-with- 
data  scenario.  While  that  kind  of  delay 
will  be  noticeable  to  callers,  it  was  still  by 
far  the  fastest  roaming  performance  of 
any  product. 

In  Cisco’s  case,  we  could  perform  seven- 
call  roaming  tests,  but  not  six-call  tests 
because  of  time  constraints.  Average  roam¬ 
ing  times  doubled  from  0.433  seconds  with 
one  call,  up  to  1.053  seconds  with  seven 
calls  —  and  then  it  leapt  to  4.324  seconds 
with  seven  calls  and  background  data. 

Colubris  could  roam  with  six  calls,  but 
not  seven.  In  the  seven-call  case,  we  could 
not  prevent  some  phones  from  “pre-roam- 
ing”  to  the  second  access  point  before  our 
test,  which  invalidated  the  results.  We  also 
had  similar  issues  in  testing  with  six  calls, 
but  the  handsets  stayed  associated  long 
enough  for  us  to  record  the  results,  with 
and  without  background  data.  Even  so,  the 
results  are  counterintuitive  —  roaming 
took  an  average  of  more  than  5  seconds 
without  data,  vs.  about  2  seconds  with  data. 

Chantry’s  BeaconMaster  couldn’t  per¬ 
form  the  roaming  test  with  six  or  seven 
calls,  even  without  background  data  pre¬ 
sent.  Calls  would  drop  rather  than  roam  in 
those  configurations.  In  troubleshooting 
the  problem,  we  reduced  the  number  of 
calls  to  see  if  it  was  a  load  problem.  It  was: 
In  our  power-off  scenario,  the  highest  num¬ 
ber  of  calls  that  could  roam  through  the 
BeaconMaster  was  only  two.Two-call  roam¬ 
ing  times  were  similar  to  the  one-call  case, 
but  we’re  not  presenting  those  numbers 
because  of  the  much-lower  call  count  than 
the  other  vendors. 

VeriWave’s  new  test  gear  helped  us  con¬ 
trast  roaming  at  the  802.11  link  layer  and 
at  the  application  layer,  and  the  results 


were  startling.  In  many  cases,  delays  of 
even  a  few  dozen  milliseconds  in  link- 
layer  802.11  roaming  led  to  delays  of  10 
seconds  or  longer  at  the  application  layer. 
Even  vendors’  engineers  were  surprised  at 
the  enormous  disconnect  between  Layer 
2  and  Layer  7  measurements. The  fact  that 
even  minor  issues  at  the  link  layer  had  a 
major  effect  at  the  application  layer  under¬ 
scores  the  need  for  well-behaved  802.11 
implementations. 

Remote  roaming 

Because  WLAN  switches  can  manage  ac¬ 
cess  points  at  remote  locations,  we  wanted 
to  know  whether  roaming  times  and  call 
quality  would  be  affected  if  the  access 
points  are  in  different  locations  than  the 
switch.  For  example,  would  roaming  times 
differ  if  the  WLAN  switch  was  in  Boston 
and  a  user  roamed  between  two  access 
points  in  Los  Angeles? 

We  re-ran  the  roaming  tests,  this  time 
using  an  AX/4000  traffic  generator/analyzer 
from  Spirent  Communications  to  inject  a 
100-millisec,  round-trip  delay  This  is  roughly 
the  delay  that  traffic  would  experience 
going  between  Boston  and  Los  Angeles. 

We  completed  this  test  with  only  Aruba 
and  Cisco.  Chantry’s  BeaconMaster  could¬ 
n’t  sustain  six  or  seven  concurrent  calls. 
Colubris  consists  of  an  access  point  but  no 
switch,  ruling  out  remote  roaming  tests.  For 
remote  roaming,  we  tested  with  seven  calls 
(time  constraints  prevented  us  from  testing 
Cisco’s  gear  with  six  calls). 

Without  data,  local  and  remote  roaming 
times  were  essentially  identical  for  both 
vendors  (see  graphic,  DocFinder;  5329). 
With  data  present,  Aruba’s  roaming  times 
rose  from  about  1  second  in  the  local  case, 
to  about  3.5  seconds  in  the  remote  sce¬ 
nario.  Cisco’s  remote  roaming  time  was 
actually  lower  than  the  local  test,  which  is 
counterintuitive.  We  cannot  explain  this  re¬ 
sult,  but  at  least  it  validates  Cisco’s  claim 
that  access  points  can  “pre-authenticate” 
clients,  resulting  in  no  performance  penal¬ 
ty  for  remote  access  points. 
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So  what  now? 

It’s  possible  that  products  supporting 
802.1  le  QoS  will  do  better  at  prioritizing 
traffic  than  our  results  indicated.  All  the 
vendors  said  it  was  early  in  the  evolution  of 
VoIP  over  wireless, and  our  test  results  show 
there  is  certainly  room  for  improvement. 
For  network  managers  looking  to  deploy 
VoIP  on  WLANs  in  the  near  future,  there  are 
three  choices:  make  very  few  calls;  don’t 
ever  send  data;  or  look  for  equipment  — 
such  as  Aruba’s  —  that  handles  time-sensi¬ 
tive  traffic  in  a  timely  way 
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More  Test  Results  Online: 

We’ve  got  more  details  on  our  voice- 
over-WLAN  testing,  including: 

•  Complete  methodology  and  test-bed  diagram. 

•  WLAN  architecture  differences  discussion. 

•  Product  features  of  the  systems  tested. 

•  Local  roaming  QoS  results. 

•  Remote  roaming  QoS  results. 

•  Voice  quality  through  two  access  points. 
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Aruba  A2400,  A800 


Company:  Aruba 
Networks.  Cost: 

$8,780  as  tested. 

Pros:  Outstanding 
voice  prioritization  capabilities;  rich  set  of 
QoS  and  radio  frequency  management 
features.  Con:  Some  call  drops  in  most 
stressful  test  case. 
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Company:  Cisco.  Cost:  $51,978  as  tested. 
Pros:  Highly  scalable,  rich  set  of  routing 
and  switching  functions.  Cons:  Doesn’t 
protect  voice  traffic  under  most  stressful 
test  case;  doesn't  dynamically  adjust  to 
changes  in  radio  frequency  environment; 
pricey. 


Gompany:  Colubris  Networks.  Cost: 
$1,800  as  tested;  access  point,  $500.  Pro: 
Powerful  and  intuitive  user  interface. 
Con:  Limited  prioritization  of  voice  traffic. 


Company:  Chantry  Networks  (recently  | 
purchased  by  Siemens).  Cost:  $S,180  as  ' 
tested.  Pro:  Supports  Open  Shortest 
Path  First  routing.  Cons:  Dropped  calls 
in  six-  and  seven-call  cases;  poor  voice 
quality  in  the  presence  of  data;  no 
contingency  for  the  loss  of  power.  . 
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Is  PON  the  cure  for  last-mile 
bandwidth  bottlenecks? 


Two  industry  insiders  debate  the  benefits  of  passive  optical  networking  vs.  Active  Ethernet. 


Yes,  by  John  Griffin 


assive  optical  networking,  specifically  Gigabit  PON,  already  is  proving  to  be 
the  cure  for  last-mile  bandwidth  bottlenecks.  Service  providers  are  in  a  race 
to  deliver  high-speed,  triple-play  services  through  fiber-to-the-premises  archi¬ 
tectures.  In  fact,  most  major  telecom  providers  have  committed  to  FTTP  — 
and  their  technology  of  choice  for  the  access  portion  of  the  network  is  PON. 

Competing  technologies,  such  as  Active  Ethernet,  simply  don’t  fit  the  access  world.  A 
point-to-point  architecture  isn’t  the  most  cost-effective,  interoperable,  scalable  and  man¬ 
ageable  way  to  get  multiple  services  to  a  large  number  of  geographically  diverse  users. 

Standards-based  GPON,  on  the  other  hand,  fits  perfectly  with  the  business  model  most 
carriers  have  planned  for  providing  multiple  services  to  multiple  customers.With  PON,  the 
service  provider  lowers  the  cost  for  high-speed,  high-bandwidth  services  by  using  a  shared 
optical  infrastructure.  Each  service  —  voice, video  and  high-speed  data  —  has  unique  per¬ 
formance  characteristics  that  require  different  bandwidth  allocations  and  capabilities. 
While  this  could  pose  significant  challenges  to  competing  technologies,  a  GPON  system 
is  designed  to  meet  the  diverse  QoS  needs  of  current  and  future  service  offerings. 

The  use  of  fiber  cable  has  continued  to  migrate  from  large  points  of  aggregated  band¬ 
width,  such  as  large  businesses  and  single  points-of-presence,  to  small  businesses  and  res¬ 
idential  consumers.The  challenge  today  is  in  transporting  smaller  amounts  of  bandwidth 
from  a  large  number  of  customers  back  to  a  centralized  point.  The  beauty  of  PON  is  its 
inherent  point-to-multipoint  architecture,  which  easily  aggregates  multiple  customers 
back  to  the  central  office  environment,  much  the  same  way  utility  companies  provide 
shared  services  among  many  users. 

PON  provides  extensive  benefits  to  service  providers.First.it  dramatically  lowers  opera¬ 
tions  costs  by  eliminating  expensive  electronic  elements  from  the  outside  plant  portion 
of  the  network.  It  further  lowers  cost  by  spreading  the  expense  of  high-powered,  long-dis¬ 
tance  optics  across  a  number  of  users  by  leveraging  its  point-to-multipoint  distribution 
architecture. The  GPON  standard  also  enables  scalability  as  bandwidth  demands  contin¬ 
ue  to  increase  for  voice,  video  and  data  services.  Service  provisioning  costs  are  reduced, 
longer  reach  is  achieved,  and  minimal  fiber  is  required. 

Numerous  carriers  have  adopted  and  implemented  PON,  specifically  GPON,  as  their 
“competitive  edge”  in  bringing  triple-play  services  to  premises  customers.  Most  of 
the  RBOCs  have  announced  plans  to  bring  high-bandwidth  voice,  video  and  * 
data  services  to  hundreds  of  thousands  of  residential  and  small-business  cus¬ 
tomers  —  and  already  have  decided  to  build  FTTP  networks  based  solely  on 
PON  in  the  outside  plant. 

By  winning  the  backing  of  the  RBOCs  by  providing  benefits  in  every  major  area 
—  cost,  scalability  interoperability,  long  reach,  reliability  and  manageability  — 
standards-based  PON  is  poised  to  dominate  the  access  world  and  break  the  last- 
mile  bandwidth  bottleneck  once  and  for  all. 


No,  by  Dave  Curry 


ptical  technology  is  the  clear  cure  for  last-mile  bandwidth  bottlenecks,  but 
Active  Ethernet,  not  passive  optical  networking,  will  be  the  technology  of 
choice.  Deploying  PON  today  might  provide  more  bandwidth  than  DSL  or 
cable  modems,  but  it  also  introduces  limitations  that  severely  restrict  the 
potential  of  an  optical  infrastructure. 

Notably  PON  architecture  imposes  bandwidth  limits  —  hardly  ideal  for  easing  a  bottle¬ 
neck  or  gaining  revenue  by  offering  more  services.  Bandwidth  is  shared  among  sub¬ 
scriber  terminals.The  total  amount  and  range  of  bandwidth  available  depends  on  the  spe¬ 
cific  type  of  PON  technology  and  the  split  ratio  deployed.  Speed  upgrades  can  come  in 
one  of  two  ways:  reduce  the  number  of  subscribers  and  bear  the  increase  in  cost  per  sub¬ 
scriber,  or  completely  overhaul  the  technology 
In  contrast,  Active  Ethernet  supports  a  minimum  of  100M  bit/sec  symmetrical  connec¬ 
tion  to  each  subscriber,  far  in  excess  of  PON.  More  importantly  Active  Ethernet  scales 
seamlessly  to  1G  bit/sec,  10G  bit/sec  and  beyond,  fully  supporting  any  combination  of  sub¬ 
scriber  access  speeds  and  application  requirements. 

A  large  portion  of  the  first  cost  of  a  PON  deployment  is  the  central  terminal,  which 
requires  a  unique  and  expensive  optical  transceiver.  When  PON  vendors  highlight  low 
cost  per  subscriber  figures,  they  imply  that  each  central  terminal  is  fully  utilized.  However, 
the  cost  per  subscriber  increases  dramatically  when  the  number  of  subscribers  is  less 
than  approximately  70%  of  the  maximum  number  of  supported  subscribers. 

Every  aspect  of  an  Active  Ethernet  solution,  including  the  optical  transceivers,  uses  stan¬ 
dard  off-the-shelf  components.  Because  optical  transceivers  are  only  added  when  sub¬ 
scribers  are  added,  Active  Ethernet  exhibits  very  linear  costs  from  the  first  few  subscribers 
to  many  thousands  of  subscribers. 

PON  vendors  say  passive  components  result  in  significantly  lower  operational  expense. 
The  truth  is  that  even  in  a  passive  network,  all  the  central  units  and  subscriber  terminals 
will  incur  an  ongoing  operational  expense  and  require  the  same  support  as  in  an  Active 
Ethernet  network. 

Anyone  concerned  about  the  security  of  the  information  they  send  over  a  public  net¬ 
work  should  be  wary  of  PON.  Because  of  the  shared  nature  of  PON,  information  intend¬ 
ed  for  one  subscriber  is  sent  to  all  subscribers  connected  to  the  same  passive  split¬ 
ter.  The  receiving  terminals  are  expected  to  discard  traffic  not  intended  for  the 

o 

e  subscriber  on  that  terminal.  Services  delivered  over  an  Active  Ethernet  infra- 
3  structure  are  contained  within  virtual  LANs  that  only  send  the  information  to 
the  specific  destination  for  which  it  is  intended. 

In  a  day  and  age  when  success  is  based  on  who  can  most  rapidly  meet  cus¬ 
tomer  demands  at  the  lowest  cost,  PON  is  a  fading  technology  Only  by  embrac- 
Mor6  Online!  ^Ct've  ^ernet  can  serv*ce  providers  make  the  most  of  the  vast  potential  of 
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their  optical  network  investments. 

opinion.  Face-off  authors  John  Griffin  and  Dave 

Griffin  is  executive  vice  president  of  Optical  Solutions,  a  vendor  of  gurry  wy|  ^  ^e(p  thoughts  to  the  discussion.  Curry  ‘s  Presictent  and  of  World  Wide  Packets,  an  Ethernet  access 
FTTP  technologies.  He  can  be  reached  at  jgriffin@opticalsolutions.com.  DocFinder:  5322  networking  vendor.  He  can  be  reached  at  dave.curry@wwp.com. 
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Diageo  distills  IS  leaders 

The  alcoholic  beverage  company’s  career  development  program  pushes  staff  to  excel. 


■  BY  CARA  GARRETSON 

When  Jasmin  Chanana  was  offered  a  perma¬ 
nent  position  at  the  end  of  2003  at  spirits,  wine 
and  beer  maker  Diageo,  accepting  it  was  a  no- 
brainer.  Hed  been  working  as  a  consultant  for 
the  company  for  more  than  a  year  and  knew  he 
would  find  the  alcoholic  beverage  industry  a 
refreshing  change  from  the  stodgy  world  of  fi¬ 
nancial  services. 

But  it  wasn’t  just  being  able  to  say, “Hey  I  work  for  that  compa¬ 
ny”  when  someone  at  a  bar  orders  a  Guinness  that  attracted 
Chanana.  What  the  30-year-old  saw  was  an  opportunity  for 
growth.  After  less  than  a  year  as  a  project  manager  working  with 
Diageo’s  Web  sites  and  portals,  Chanana  was  given  the  chance  to 
lead  a  server  consolidation  project.  Launched  three  months  ago, 
the  project  entails  consolidating  infrastructure  and  application 
servers  across  Diageo  North  America,  which  is  headquartered  in 
Stamford,  Conn. 

Chanana  had  been  through  Diageo’s  project  management 
training  program,  and  his  manager  recognized  his  potential  to 
take  on  the  role.  “People  saw  the  opportunity  for  growth  for  me 
and  pushed  me  in  the  right  direction,”  Chanana  says. “My  man¬ 
ager  knew  the  specific  needs  I  had  and  matched  me  with  an 
opportunity  as  it  presented  itself.” 

Diageo’s  career  development  program,  which  includes  a  for¬ 
mal  review  and  goal-setting  process  as  well  as  a  more  casual  check-up  element,  helped 
Chanana  land  his  new  job,  he  says.  Over  the  course  of  regular  career  discussions, 
Chanana’s  manager  identified  goals,  ensured  the  necessary  training  was  received  and 
gave  Chanana  an  opportunity  to  test  his  project  management  mettle  by  taking  on  the  serv¬ 
er  consolidation  project. 

Diageo’s  annual  performance  reviews,  which  the  company  calls  people-performance- 
management  reviews,  are  used  to  set  goals  and  objectives  both  by  the  management  and 
the  employee.  Monthly  checkups,  known  as  call  overs,  take  employees  out  of  their  day-to- 
day  work  to  examine  their  progress  and  realign  goals  as  needed. 

“Monthly  cal!  overs  are  a  gut  check  of  where  you  are,” Chanana  says.“You  have  your  peo¬ 
ple-performance-management  [document], you  have  your  objectives  in  front  of  you, and 
as  you  go  through  you  get  a  good  sense  of  where  you  are  on  a  monthly  basis.” 

This  kind  of  regular  contact  to  discuss  career  goals  is  important  to  employees,  who  often 
feel  like  their  own  personal  aspirations  get  lost  amid  corporate  expectations,  says  Janet 
Scarborough,  founder  of  career  counseling  and  executive  coaching  firm  Bridgeway 
Career  Development.“What  most  companies  fail  to  do  is  circle  back  around  to  touch  base 
with  employees  between  annual  performance  evaluations,”  she  says. 

However,  Scarborough  warns  that  monthly  meetings  such  as  Diageo’s  call  overs  need  to 
involve  action,  not  just  talk,  to  be  truly  worthwhile. “If  there  are  no  concrete  results,  the 
meetings  are  rendered  ineffective,” she  says.She  also  questions  whether  monthly  meetings 
are  necessary  given  that  often  not  much  changes  over  a  30-day  period. 

Diageo,  formed  in  1997  by  the  merger  of  smaller  companies,  isn’t  focusing  on  career 
development  solely  for  the  benefit  of  its  employees.  By  identifying  career  goals  and  un¬ 
earthing  opportunities  for  related  training,  the  company’s  management  can  align  employ¬ 
ees’  efforts  with  the  business  goals  of  the  company  says  Andrew  Lopatynsky,  senior  vice 
president  of  IT.  For  example,  training  an  IS  employee  in  how  the  business  side  of  the  house 


Andrew  Lopatynsky,  senior  vice  president  of 
IT,  and  Jasmin  Chanana,  a  project  manager, 
are  both  spirited  about  drinks  maker 
Diageo's  IT  career  development  program. 


CHRIS  CASABURI 


works  would  better  enable  him  to  develop  systems  than  if  the  employee  went  about  his 
job  without  understanding  his  users’  needs. 

“IS  staff  career  development  is  of  utmost  importance,  whether  that  means  encouraging 
participation  in  outside  conferences,  internship  programs  or  short-term  special  project 
assignments,”  Lopatynsky  says. 

Throughout  the  elements  of  its  career  development  program,  Diageo  emphasizes  two- 
way,  open  communication  so  that  employees  and  managers  can  highlight  opportunities 
for  growth,  Lopatynsky  says. While  senior  managers  will  gather  every  six  months  to  discuss 
their  employees’  career  goals  and  search  for  fits  within  the  organization,  employees  also 
are  encouraged  to  seek  opportunities  and  outline  strategies  for  taking  advantage  of  them. 
They’re  even  given  a  vocabulary  to  help  express  some  less-tangible  goals. 

For  example,  Chris  Brown,  Diageo’s  director  of  information  management,  tells  the  story 
of  an  employee  in  his  data  quality  group  who  wanted  to  become  a  better  “influences?  a 
term  the  firm  uses.  “We  built  into  her  development  plan  an  area  called  ‘getting  better  at 
influencing,”’  Brown  says.  As  her  manager,  Brown  will  identify  courses  she  can  take  and 
books  she  can  read  to  hone  her  influencing  skills,  which  in  turn  will  benefit  the  company 

“We  want  our  people  to  be  influences,  to  have  a  little  edge  and  drive  themselves,”  he  says. 
“For  a  technology  person,  an  influencer  has  the  ability  to  take  an  idea  or  concept,  look  at 
the  business  value  of  that  concept  and  then  essentially  sell  that  concept  into  the  business.” 

While  Brown  says  that  many  of  his  employees  are  interested  in  taking  their  careers  to  the 
next  level,  not  all  are  looking  to  move  into  the  corner  office  some  day  For  those  who  don’t 
want  to  climb  the  management  ranks,  Brown  says  the  career  development  program  still 
can  be  of  assistance  by  helping  employees  take  on  more  responsibility  or  achieve  greater 
success  in  their  current  roles. 

“We’ve  put  a  program  in  place  that  makes  sure  [employees]  are  technically  growing  all 
the  time,  not  just  for  themselves  but  also  for  the  benefit  of  the  company’ Brown  says.  ■ 
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Cyclades  AlterPath™  KVM/net 
offers  a  unique  set  of  features: 

■  Server-based  authentication 

(NT  domain,  LDAP,  Secure  ID,  RADIUS,  TACACS+) 

■  16  and  32  port  models 

■  CAT5  cabling  up  to  500  feet 

■  User  access  logging 

■  System  event  syslog 

■  Integrated  power  management 


We've  worked  our  magic. 
Now  you  can  work  yours. 
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GTA  FIREWALLS 


Sentinel 

Global  Technology  Associates.. Ipc. 


GTA's  newGB-2000  and  GB-250  firewall  appliances, featuring  Mail  Sentinel^  Anti-Spam  and  Mail  Sentinel™  Anti-Virus  subscription  options,  join  our 
existing  family  of  Internet  firewall  products,  backed  by  over  10  years  of  Internet  security  experience  and  powered  by  ICSA  4.0  Corporate 
certified  GNAT  Box  OS. 

1-800-775-^  3TA  •  www.gta.com  •  info@gta.com 


A  KVM  switch  allows  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
multiple  computers  located  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
and  operating  systems.  KVM  switches  have 
traditionally  provided  cost  savings  in  reducing 
energy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 

Recognized  as  the  pioneer  of  KVM  switch 
technology,  Rose  Electronics  offers  the 
industry's.most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and  remote  access 
solutions.  Rose.  Electronics  products  are 
known  for  their  quality,  scalability,  ease;  of  use 
and  innovative  technology. 

Rose  Electronics  is  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


’Mb' 

(jBHBCTifRB 


‘  HACK  DRAWER  WITH  KVM  SWITCH  OPTION 


Rose  Electronics 
•  ;  1.0707  Stancliff  Road 
'Houston,  Texas  77099 
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RpSE us  1 ' v 

ROSE  EUROPE 
ROSE  ASIA 


+281  933  7673 
+  44(0)1264  850574 
+65  6324  2322 


UltraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

High  quality  video  up  to  1280  x  1024 
Scaling,  scrolling,  and  auto-size  features 
Secure  encrypted  operation  with  login  and  computer 
access  control 

Advanced  visual  interface  (AVI) 

No  need  to  power  down  servers  to  install 
Free  lifetime  upgrade  of  firmware 
Available  in  several  models 
Easy  to  expand 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


Connects  up  to  1000  computers  to  a  KVM  station 
Models  for  4,  8,16  computers 
Advanced  visual  interface  (AVI) 

Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 
Connects  to  PS/2,  Sun,  USB,  or  serial  devices 
Converts  RS232  serial  to  VGA  and  PS/2  keyboard 
Free  lifetime  upgrade  of  firmware 
Security  features  prevent  unauthorized  access 
Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 
Easy  to  expand 


+  : ROSE  AUSTRALIA  +617  3388  1540 


800  333  9343 

WWW.ROSE.COM 
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Anti-spam  technology  failing?  Well... 


:  YOU’VE  BEEN 

SO. AMM  M  E  O ! 

Meridius  Security  Gateway" 

99%  spam  detection  rate, 

0%  false  positives, 

100%  virus  blocking1 

Call  1.866.895.6931  and  get  a  $5000*  trade-in  credit 


<^>lNSIDE-THE-DnMA!N" 

www.bluecatnetworks.com/subscribe 


BlueCat  Networks 

secure  networks,  simplified. 

Call  us:  Schedule  your  free  demo  today. 

1.866.895.6931  Visit  www.bluecatnetworks.com/meridius/nww 

BlueCat  Networks,  the  BlueCat  Networks  logo.  Meridius  Security  Gateway  and  the  Meridius  logo  are  trademarks  of  BlueCat  Networks.  Inc. 


*  Contact  a  BlueCat  Networks  representative  for  promotion  details.  Limited  time  offer.  Promotion  code:  BCN-M105 
t  “Scanning  for  Spam”,  Network  Computing  Magazine  Oct.  28,  2004 
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Meridius  Security  GaigWi’ 


www.nwfusion.com 


Make  the  best  use 
of  your  network  sniffer. 


Sniffers,  probes,  and  IDS  can  be  a  network  manager's  best 
friends.  But  how  many  are  enough?  Don't  spend  thousands 
on  unnecessary  analysis  hardware  and  software. 

Centralize,  share,  and  manage  your  monitoring  equipment  with 
IntellaPatch  -  your  new  best  friend. 


SENSAPHONE 

IM5-4DDD 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Internal 

UPS 


Power 

Control 

Interface 


Ethernet 

Port 


Internal  Voice, 
Modem 
&  Pager  Port 


8  R)-45  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Microphone 

for  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


IntellaPatch  features  remote  management  and  non-intrusive 
switching  capabilities.  You  save  valuable  time,  eliminate 
redundant  equipment,  and  reduce  ongoing  maintenance  costs. 

Now  you  can  manage  your  sniffers,  and  your  budget,  without 
losing  your  sense. 

INTELLAPATCH  Physical  Layer  Switches 
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Ethernet 
Fibre  Channel 
SONET/SDH 


Learn  more  about  how  sniffer  sharing  with  APCON  physical  layer  switch 
solutions  will  benefit  your  bottom  line.  Visit  www.apcon.com/share  to 
download  our  application  brief  and  white  paper. 


APCON 

www.apcon.com  Solutions  for  Networks  1.800.624.6808 
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802.11  bg  W-LAN  ANALYZER 

>  2.4  GHz  SPECTRUM  ANALYZER 
>  Dual-band  802.11b  &  g  demodulators 

>  Direction  Finding  ot  Rogue  AP’s 


Security  •  Installers  •  WISPs  •  Hotspots 


Ve  I  low  Jacket™ 
Hive  Software 

Site  Initiator/Supervisor/ 
Investigator  indoor/outdoor 
mapping  W-LAN  coverage 
solution. 


Berkeley  Varitronics  Systems  m™,  moumo 

(732)  548-3737  www.bvsystems.com 
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Climate  Monitor 

$389 


Ethernet/Web 

Temperature 
Air  Flow 
Humidity 
Door  position 
Sound 
Light  Level 
Power 

Video  optional 
16  external  sensors 


See  it  working  at: 
http://63.237.104.17 


Rack  Mounted 

Monitor  Multiple  Cabinets 

HTML  (no  client  needed) 
SMTP  (e-mail  alerts) 
SNMP  (MIB,  Traps) 
Graphing 
Console 


On  Watchdogs 

www.ITWatchdogs.com 

512-257-1462 


Luggage,  Fine  Leather  Goods, 
Gifts,  and  more! 

Tumi,  Hartmann,  Andiamo, 
Samsonite,  Cross 
10%  discount  for  Network 
World  readers 
Enter  code  NWW  2005 


CyBer-Angel* 

The  Ultimate  in  Workstation  Security 

Two-Factor  &  Single  Login  User  Authentication 
Configurable  Secure  Drive  for  Information  &  Application  Protection 
Prevents  Unauthorized  Remote  Access  to  Servers  or  Accounts 
Tracking  and  Recovery  of  Lost  or  Stolen  Computers 
Privacy  Act  Compliance 
24  /  7  Security  Monitoring  &  Support  Center 
Over  8  Years  of  Proven  Success 

Contact  us  today  for  your  free  evaluation  copy! 


©  1996-2005  CSS,  Inc.  Patented  Technology 
475  Metroplex  Drive  Suite  104  Nashville,  Tennessee  37211 
All  rights  reserved. 

Laptop  Courtesy  of  Overam.com. 


800.501.4344 

www.thecyberangei.com 


RATING 


INSTRUMENTS 


How  much  can  your  network  analyzer  handle? 

Observer  is  the  only  fully  distributed  network  analyzer  built 
to  cover  your  entire  network  (LAN,  802.1 1  a/b/g,  Gigabit,  WAN). 
Download  your  free  Observer  10  evaluation  today  and  experience 
more  real-time  statistics,  more  expert  events  and  more  in-depth 
analysis  letting  you  monitor, troubleshoot  and  manage  every  site 
on  your  network  with  one  complete  solution. Choose  Observer. 

-SECURi  tv  conTROL- Watch  for  virus  and  hack  attacks  to 
quickly  isolate  infected  areas. 

-RLERT -  Setup  Triggers  and  Alarms  on  any  network  threshold 
and  be  the  first  to  know  of  network  issues. 

-nETwORK  OMERLORB-  Monitor  bandwidth  utilization,  access 
point  utilization  rates  and  network  top  talkers  with  Real-Time  Statistics, 

US  &  Canada  toll  free  800.526.5958 

fax  952.932.9545 

UK  &  Europe  +44(0)1959569880 

www.networkinstruments.com/analyze 


Does  your  analyzer  cover  one  room  or 

>  the  whole  house? 
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Server  Technology 


Solutions  for  the  Data  Center  Equipment  Cabinet 


When  servers  and  network  devices 
in  the  data  center  lock-up,  network 
managers  heed  fast,  secure  and 
reliable  tools  to  respond.  With 
Sentry™  Remote  Site  Managers, 
an  administrator  can  immediately 
reboot  a  remote  system  with  just 
a  few  mouse  clicks.  Sentry  also 
provides  accurate  input  current 
power  monitorii  environmental 
monitoring  and  integrated  secure 
console  management  using  SSH. 


Sentry  Gives  You  Secure  Web/I  P  Based  Remote  Site  Management 


"NEW!"  Secure  Shell  (SSHv2)  Encryption  « 
"NEW!"  SSLv3  Secure  Web  Browser « 
“NEW!"  Active  Directory  with  LDAP  « 
SNMP  MIB  &  raps  « 
Integrated  Secu  :  Modem  « 
True  RMS  Pow  r  Monitoring  « 
Outlet  Receptacle  Grouping  for  Dual-Power  Servers  « 
Fail-Safe  Transfer  Switch  for  Single-Power  Supply  Servers  « 
Power-up  Sequencing  Prevents  Power  In-rush  Overload  « 
Temperature  &  Humidity  Environmental  Monitoring  « 
Zero  &  Rack-mount  Models  « 
1 1 0/208  VAC  Models  with  30-Amp  Power  Distribution  « 
NEBS  Approved  -48  VDC  Models  Available  « 


Server  Technology,  Inc* 

Server  Technology,  Inc.  toll  free  +1 .800.835.1 51 5 

1040  Sandhill  Drive  tel  +1.775.284.2000 

Reno,  NV  89521  fax  +1 .775.284.2065 

USA 

www.servertech.com 

sales@servertech.com 


SServer  technology,  Inc  Sentry  is  a  trnOomnrk  of  Server  Tccl'iTiolfj(|y  Inc 
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1  -800-IT-FINDS 

sales@dtsearch.com 


Instantly  Search  Gigabytes  of  Text  Across 
a  PC,  Network,  Intranet  or  Internet  Site 
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Publish  Large  Document  Collections 
to  the  Web  or  to  QD/DVD 

♦over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  &  PDF  while  displaying  embedded 
links,  formatting  &  fTnTMW 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

dtSearch  Reviews... 

♦  “The  most  powerful  document  search  tool  on  the  market” 

—  Wired  Magazine 

♦  “Intuitive  and  austere  ...  a  superb  search  tool”  — PC  World 

♦  “Blindingly  fast”  —  Computer  Forensics:  incident  Response 

Essentials 

♦  “A  powerful  arsenal  of  search  tools”  —  The  New  York  Times 

♦  “Covers  all  data  sources ...  powerful  Web-based  engines” 

—  eWEEK 

♦  “Searches  at  blazing  speeds”  — Computer  Reseller  News 

Test  Center 


See  www.dtsearch.com  for: 

♦  hundreds  of  developer  case  studies  &  reviews 

♦  fully-functional  evaluations 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 
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it  careers 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis.  TN:  Senior  Systems  Pro¬ 
grammer.  Devise  procedures 
to  solve  complex  systems  and 
applications  problems.  Require¬ 
ments:  Bachelor's  degree  or 
equivalent*  in  computer  sci¬ 
ence,  MIS,  mathematics,  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  systems 
programming.  Experience  with 
development  of  barcode  sym¬ 
bology,  sensor  technology  and 
scanning  technology  also  re¬ 
quired.  ‘Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  Miley 
Ainsworth,  FedEx  Corporate 
Services,  2847  Business  Park 
Drive,  Bldg  J,  Memphis,  TN 
38118.  EOE  M/F/D/V. 


Software  Engineer  (Systems) 
(National  Placement),  System 
Administrator  with  experience  in 
administering,  sizing,  installa¬ 
tion,  configuration,  and  tuning  of 
Sun  Solaris,  Red  Hat  Linux  and 
Windows  operating  systems. 
Cisco/Sun  Certifications  in  Syst¬ 
em  Administration.  Skills  include 
Solaris  7/8/9,  Redhat  Linux, 
RAID,  Sun  Cluster,  Sun  Sparc, 
Veritas  Volume  Manager,  Cisco, 
VPN  Devices,  Oracle,  Open 
SSH,  Shell  Scripting.  4  yr 
Bachelor  of  Engineering  Degree 
and  five  years  of  related  experi¬ 
ence.  $82,500/yr,  40  hrs/wk,  9a  - 
6p.  Send  resumes,  listing  Job 
Order  #  WEB483543  to  Site 
Manager,  Beaver  County  Car- 
eerLink,  2103  Ninth  Avenue, 
Beaver  Falls,  PA  15010-3957. 


Top  1 0  reasons  why  you 
should  advertise  your 
recruitment  message 
with  IT  Careers. 


IT  Careers  Audience  Skill 
Survey  2003/2004 


IIS/MIS/IT 

84% 

Windows  2000 

83% 

TCP/IP 

83% 

Windows  95/98 

82% 

PC/s 

80% 

Unix  NET/Linux 

75% 

Networking/Telecom 

74% 

Windows  NT 

73% 

Windows  XP 

69% 

Intemet/Web  Dev./E-Com. 

68% 

Your  direct  line 
of  communication 
to  qualified  IT 
Professionals 
with  the  most  in 
demand  IT  skills 


iT|careers 

Contact  us:  800-762-2977 


F/T  Sr.  Software  Engineer.  Re¬ 
sponsible  for  designing,  devel¬ 
oping,  enhancing,  and  maintain¬ 
ing  Storage  Software  Compon¬ 
ents.  Provide  regular  status  re¬ 
ports  to  management.  Support 
OEMs  who  are  using  these  com¬ 
ponents  using  Linux  and  Win¬ 
dows  Kernel,  Network  Storage 
technologies  in  File  systems, 
CIFS,  NFS,  iSCSI,  RAID,  TCP / 
IP,  AppleTalk,  NCP,  IPX,  SNMP, 
LDAP  and  IPMI.  Work  with  Test 
and  Validation  groups  to  ensure 
component  is  tested  thoroughly. 
Follow  Software  Development 
Procedures.  Use  Source  Code 
Control.  Provide  technical  docu¬ 
mentation.  Must  have  a  Bach¬ 
elor's  degree  in  Computer  Sci¬ 
ence  &  Engineering,  related  field 
or  foreign  degree  equivalent. 
Educational  background  must 
have  included  Linux,  Windows 
Kernel,  Network  Storage  tech¬ 
nologies  in  File  systems,  CIFS, 
NFS,  iSCSI,  RAID,  TCP/IP,  Ap¬ 
pleTalk,  NCP,  IPX,  LDAP,  SNMP, 
IPMI,  and  following  Software 
Development  Procedures.  Sala¬ 
ry:  Competitive.  Send  resume 
to:  Srivatsan  Ramachandran, 
AMI,  6145F  North  belt  Pkwy., 
Norcross,  GA  30071. 


POSITION  DESCRIPTION:  De¬ 
sign,  Implement,  Test  complex 
financial  software  applications 
using  C++,  Java,  J2EE  Technol¬ 
ogies  and  application  server 
platforms.  Analyze  end  user 
needs,  develop  software  solu¬ 
tions  and  products  using  n-tier 
design  concepts  which  are 
portable  across  multiple  plat¬ 
forms.  Define  and  develop  en¬ 
hancements  to  existing  prod¬ 
ucts,  applications  and  solutions. 
Define  and  capture  requirement 
analysis  and  design  using  UML 
diagrams.  Use  Application  Arch¬ 
itectural  patterns,  frameworks, 
user  interface  design,  web 
design  concepts.  Reqs:  Master's 
degree  in  Engineering,  Busin¬ 
ess,  Math,  or  related  field  or 
Bachelor's  degree  plus  5  years 
of  relevant  experience  or  equiv¬ 
alent.  Skills  must  include  C++, 
Java,  J2EE,  WebLogic  or  Web¬ 
Sphere  Application  Server,  UML, 
Object-Oriented  Technologies 
and  SQL.  Available  to  work  in 
unanticipated  sites  throughout 
the  United  States.  Interview: 
Merrimack,  NH.  Job  site:  Merri¬ 
mack,  New  Hampshire  and  vari¬ 
ous  sites  throughout  the  US. 
$90,688/year.  40  hours/week. 
Application  by  resume  only. 
Send  2  copies  of  resumes/let¬ 
ters  to  Job  Order  #  2005-833,  P. 
O.  Box  989,  Concord,  NH 
03302-0989. 


ENGINEERING 

Job  opportunities  in 
Andover,  MA:  Staff  En¬ 
gineer  (CP010501). 

Submit  resume  to 
Broadcom  Corporation 
via  www.broadcom.com 
(MUST  REFERENCE 
CP  CODE). 


Software  Engineers.  BS  or 
equiv.  (Comp  Sci  or  related 
discipline)  &  5  yrs  IT  work  exp. 
Dvlp,  create,  modify  &  prgm 
complex  systems  appl.  Pro¬ 
vide  functional  &  empirical 
analysis,  define  business  & 
systems  reqmts  related  to 
dvlpmt  &  implmtn  of  automated 
info,  systems.  Provide  appl. 
prgmg  support,  create  systems 
&  user  manuals.  Work  w/ 
Oracle,  EJB,  SQL,  Java,  J2EE 
&  VB.  Send  resume,  ref.  & 
salary,  req.  to  OCR  Services, 
557  W.  Uwchlan  Ave,  Ste  240, 
Exton,  PA  19341. 


Regional  Mgr.,  Latin  America 
(Coral  Gables,  FL.):  Responsib¬ 
le  to  lead  mktg  efforts  for  VOIP 
targeted  to  Latin  America  (LA) 
region;  utilize  tech  knowledge  to 
mkt  &  promote  transition  of  int'l 
voice  comm,  from  Public  Switch¬ 
ed  Network  to  public  internet; 
coor.  &  provide  expertise  to 
existing  &  prospective  clients  re: 
VOIP  capabilities,  ops  &  svcs  to 
adequately  mkt  same;  analyze 
client's  existing  telecom,  tech  to 
mkt  deployment  of  4  Clarent 
VOIP  using  new  signaling  proto¬ 
col  svcs;  mnge  tech,  eng'g  & 
sales  staff  in  providing  clients  w / 
interconn,  solutions  to  resolve 
all  tech  difficulties;  oversee  & 
direct  VOIP  ops  to  guarantee 
stability  &  maintain  profitability; 
supervise  various  groups  on  a 
project  basis  to  provide  ade¬ 
quate  commercial  &  tech  sup¬ 
port  for  overall  success  of 
mkt'ng  efforts  to  LA  region;  per¬ 
form  &  oversee  mkt  analysis  to 
pursue  new  bus.  opportunities  in 
LA  region;  negotiate  contracts, 
rates,  traffic  volume,  op  schem¬ 
es  &  bus.  agreements  for  new  & 
existing  clients;  stay  abreast  of 
mkt  &  regulatory  trends  & 
devel's  in  LA  to  provide  insight  & 
direction  to  corp.  mgmt.  for 
establishing  co.  goals,  strate¬ 
gies,  product  devel.  &  policy  re: 
mkt'ng  VOIP  in  LA;  provide  con¬ 
tinuous  reporting  on  all  aspects 
of  region  incl.  mkt,  regulatory, 
ops  &  finance  to  mgmt.  40 
hrs/wk.,  9am-5pm;  $60,000/yr.; 
req:  BS  in  Systems  Eng'g., 
Industrial  Eng'g.,  Operations  or 
related  field  &  1  yr.  exp.  in  job 
offered,  or  3  yrs.  exp.  as  Project 
Mgr.,  Operations  &/or  Senior 
Buyer,  with  prior  telecom  exp.  to 
incl  devel,  design,  implementa¬ 
tion  &  marketing  of  VOIP  (Voice 
Over  Internet  Protocol)  svcs  to 
Latin  America,  fluent  Spanish. 
Please  send  resume  to:  Agency 
for  Workforce  Innovation,  P.O. 
Box  10869,  Tallahassee,  FL 
32302;  ref:  Job  Order  #FL- 
2573093. 


PROG.  ANALYST  - 
SYS.  ADMIN. 

Install,  configure  &  troubleshoot: 
Solaris,  AIX  &  Linux  operating 
sys;  WebSphere  &  WebLogic 
appln  servers;  iPlanet,  Sunone 
&  Apache  web  servers;  software 
like  NDM,  Autosys,  Veritas 
Netbackup  &  Volume  Mgr, 
Introscope  &  RSA  Keon.  Config. 
&  maintain  storage  area  net¬ 
working  using  McData  switches. 
BS  degree  in  Comp.  Sci., 
Electrical  or  Electronics  Engnrg 
+  5  yrs  exp.  in  job  offered  or  in 
Sys.  Admin.  Software  Engnrg 
reqd.  Exp.  must  incl.  Solaris  & 
AIX  operating  sys,  WebSphere 
&  WebLogic  appln  server  & 
Sunone  Webserver  &  Veritas 
Netbackup.  High  mobility  pre¬ 
ferred.  40  hrs/wk,  OT  as  reqd, 
8am  -  5pm,  $66,730/yr.  Submit 
resume  to:  Site  Administrator, 
Greene  County  CareerLink,  4 
West  High  Street,  Waynesburg, 
PA  15370-1324.  Refer  to  Job 
Order  No.  WEB  483814. 


Software  Engineer  (Applica¬ 
tions)  (National  Placement  -  2 
Positions)  Develop,  create  and 
modify  computer  applications 
software  for  clients;  analyze  us¬ 
er  needs  and  provide  solutions; 
design,  architect  customized 
software  modules  and  applica¬ 
tions  with  the  aim  of  optimizing 
operational  efficiency.  Must 
have  Bachelor's  Degree  in  En¬ 
gineering  or  Computer  Science 
and  five  years  of  related  experi¬ 
ence.  Position  1  requires  Senior 
Developer  with  experience  in 
Java/J2EE,  XML,  XSL,  Oracle 
8i,  DB2,  EJB,  Websphere,  and 
WSAD.  Position  2  requires  a 
Mainframe  Programmer  with  a 
minimum  of  two  (2)  years  work¬ 
ing  with  State  Government  Un¬ 
employment  Insurance  Systems 
that  includes  experience  in  CO¬ 
BOL,  CICS,  JCL,  REXX,  DB2, 
and  IMS.  $70,500/yr,  40  hrs/wk, 
9a  -  6p.  Send  resumes,  listing 
Job  Order  #  WEB483548  to  Site 
Manager,  Beaver  County  Car¬ 
eerLink,  2103  Ninth  Avenue, 
Beaver  Falls,  PA  15010-3957. 


Information  Technology  Spec¬ 
ialists.  Auburn  University  seeks 
two  IT  specialists  to  provide  sup¬ 
port  in  one  or  more  of  the  follow¬ 
ing  IT  areas:  system  administra¬ 
tion,  network  and/or  operating 
systems  support,  information 
systems  design  and/or  imple¬ 
mentation,  or  user  and/or  client 
services.  Perform  IT  support 
tasks  of  complex  nature. 
Represent  unit  on  projects  or 
activities.  Work  assignments 
may  require  periods  of  "on-call" 
support  responsibilities.  May 
supervise  lower  level  IT  special¬ 
ists  and  assign  and  check  the 
work  of  students. 

Both  positions  require  Bach¬ 
elor's  or  equivalent  in  Computer 
Science  or  related  plus  2  years 
of  experience  as  an  IT  specialist 
programming  complex  systems 
in  VBScript,  ASP,  and  other  lan¬ 
guages;  SQL  server  administra¬ 
tion;  creating  and  maintaining 
SQL  servers  databases  and 
application;  and  installing  and 
maintaining  Microsoft  server 
operating  systems.  One  posi¬ 
tion  requires  the  following  addi¬ 
tional  qualifications:  program¬ 
matically  interfacing  with  Active 
Directory  using  ADSI  and  devel¬ 
oping  web  pages  with  excellent 
human  interfaces.  Master's 
degree  in  computer-related  field 
with  demonstrated  relevant 
coursework/experience  may  be 
substituted  for  above  require¬ 
ments.  Must  have  indefinite 
legal  authority  to  work  in  the 
U.S.  Please  send  resume 
demonstrating  all  minimum 
requirements  to:  Mike  Stewart. 
Director,  Information  Systems, 
Telecom  Building,  Auburn 
University,  AL  36849. 

Job  Benefits 

A  benefits  package  may  or  may 
not  be  available.  Request  spe¬ 
cific  information  from  the 
employer. 


PROG.  ANALYST  - 
JAVA  SUPPORT  SYS. 

Provide  infrastructure  sys.  sup¬ 
port  on  Java  technologies  like 
WebLogic  &  WebShere  in  J2EE 
on  Solaris/AlX/Linux  platforms. 
Dsgn/implmnt  hardware  &  soft¬ 
ware  for  Java  appln  servers. 
Deploy  dvlpd  frameworks  to 
support  a  major  financial  appln. 
BS  in  Comp.  Sci.,  Electrical  or 
Electronics  Engnrg  +  2  yrs  exp. 
in  job  offered  or  in  Java  Sys. 
Support  Software  Engnrg  reqd. 
Exp.  must  incl.  WebLogic, 
WebSphere,  J2EE  &  Service 
Oriented  Architecture,  Solaris/ 
AIX/Linux  platforms,  ClearCase 
&  Introscope.  High  mobility  pre¬ 
ferred.  40  hrs/wk,  OT  as  reqd, 
8am  -  5pm,  $66,730/yr.  Submit 
resume  to:  Site  Administrator, 
Greene  County  CareerLink,  4 
West  High  Street,  Waynesburg, 
PA  15370-1324.  Refer  to  Job 
Order  No.  WEB  484636. 


Programmer/Analyst  (multiple 
positions)  needed  for  Software 
Development,  Services  &  BPO 
firm  located  in  Burlington.  VT. 
Job  duties  include:  Analyze, 
design,  and  develop  computer 
applications  for  clients  located 
throughout  the  U.S.  Modify  and 
upgrade  EDI  systems.  Work  with 
Gentian  systems  and  Oracle 
databases.  Use  J2EE  technolo¬ 
gies.  Involved  in  data  warehous¬ 
ing  projects.  Use  Cognos.  Ap¬ 
plicant  must  have  B.S.  degree  in 
Computer  Science,  Business, 
Math  or  Engineering.  Applicant 
must  also  have  1  yr.  exp  in  the 
job  duties  described  above  or  in 
any  computer  related  occupa¬ 
tion  which  must  include  the  skills 
listed  above.  40hrs/wk,  8am- 
5pm,  M-F,  $60,000/yr.  Send 
resumes  to:  Job  No.  30284,  PO. 
Box  488,  Montpelier,  VT  05601- 
0488. 


4  openings  for  Maine: 

1st:  Database  Administrator:  Will 
be  responsible  for  Database 
Administration  using  Oracle  8i/9i 
RAC,  SQL  server,  IBM  DB2 
UDB  databases,  configuration  of 
Oracle  9iAS.  Data  modeling  us¬ 
ing  ER-Win,  visio,  ETL  configu¬ 
ration  using  Informatica  Power 
Center.  Business  Objects  Rep¬ 
orting  tool,  HP-UX,  AIX,  Solaris, 
VMS,  DB  performance  Tuning, 
Expert  PL/SQL,  Unix  Shell 
Scripting,  Data  Architect  and 
Integrator. 

2nd:  Software  Developer:  Will 
develop,  test  and  implement 
commercial  Client/Server.  appli¬ 
cations  using  Jwave,  PvWave, 
POI,  XDoclets  with  struts,  Java 
Server  Faces,  JSTL,  and  EJB. 
Convert,  enhance  and  migrate 
windows  based  applications. 
Must  be  Microsoft  certified. 

3rd:  Database  Administrator: 
Will  be  responsible  for  adminis¬ 
tration  and  maintenance  of 
Oracle  databases  using  Oracle 
streams.  Quest  shareplex,  Veri¬ 
tas  VCS,  Net  Appliance  Fiber 
attached  storage,  Oracle  and 
Sun  servers.  Manages  database 
performance,  availability,  back¬ 
up,  restore  and  recovery  using 
Oracle  tools  like  Enterprise 
Manager,  Recovery  Manager. 
Responsible  for  advanced  data 
replication  of  production  data¬ 
bases  using  Oracle  streams  and 
Shareplex  software. 

4th:  Software  Developer:  Will 
develop,  test  and  implement 
XML,  COM+  and  .NET  centric 
multi  tiered,  multi  language  sup¬ 
port  distributed  Client/Server. 
Internet  applications  with  Visual 
Studio  (VB,  VC++),  Visual  Stud- 
io.NET  (VB.NET,  C#,  VC++), 
xmlspy,  Infragistics,  Actuate 
Formula  one  suite  of  tools  and 
Business  Intelligence/Reporting 
applications  with  Crystal  Re¬ 
ports,  Crystal  Enterprise  and 
Data  Dynamics  ActiveReports, 
SQL  Server,  and  DB2  databases 
on  Windows  DNA  and  Microsoft 
.NET  framework.  Develop  and 
integrate  windows  based  clients 
for  Midrange,  Mainframe  and 
ERP  applications.  Convert,  en¬ 
hance  and  migrate  windows 
based  applications. 

Competitive  wages,  40  hrs/ 
week,  Bachelors  degree  and  2 
yrs.  experience  required  for  all  4 
openings,  please  send  resume 
to  Broadfusion  Inc.,  12  Vi  Pike 
St.,  Augusta,  ME  04330. _ 


PROG  ANALYST  - 
BUS.  ANALYSIS 

Analyze  bus.  reqrmnts,  process 
mapping,  process  reengineer¬ 
ing,  project  mgmt  &  decision 
support  sys.  for  web  &  client- 
server  applns  &  enterprise 
Resource  Planning  products  for 
credit  card  &  insurance  industry 
applns.  Collect  &  document 
functional  specs,  workflows, 
bus.  rules  &  use  cases.  MS  in 
MIS,  Comp.  Sci.,  Electrical  or 
Electronics  Engnrg  +  2  yrs  exp. 
in  job  offered  or  in  Bus.  Analysis 
Software  Engnrg  reqd.  Exp. 
must  incl.  Vantage-One  soft¬ 
ware,  Kondor  risk  mgmt  suite, 
use  cases  &  RUP.  High  mobility 
preferred.  40  hrs/wk,  OT  as 
reqd,  8am  -  5pm,  $66,730/yr. 
Submit  resume  to  Manager. 
Butler  County  CareerLink, 
Pullman  Commerce  Center,  112 
Hollywood  Drive,  Suite  101, 
Butler,  PA  16001-5699.  Refer 
to  Job  Order  No.  WEB  484226. 


BCCUSA,  Inc.  -  South  Portland, 
ME  needs  experienced  Program¬ 
mer  Analyst  having  a  Bachelors 
degree  with  min  2  years  of  pro¬ 
gressive  Technical/Functional 
work  exp  in  Oracle  11i  ERP  (AR, 
GL.AP.OM.PA.INV.BOM.EDI), 
System  Administration,  AOL  and 
OM  API's.  Should  have  experi¬ 
ence  in  Creation  of  New  Forms, 
Customization  of  existing  forms 
through  custom.pll.  Creation  of 
new  reports  and  customization  of 
seeded  reports.  Exp  in  Oracle 
9i/8i,  Unix  Scripts  and  PERL  is 
desired.  Competitive  salary  and 
benefits.  M-F,  40  hours/week 
Please  mail  your  resume  to  6CC 
USA  Inc.,  HR  Department.  S5fii 
Main  Street  Suite201,  Sovtui 
Portland,  ME  -  04106. 
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Computer  Research  Specialists 
(Computer  Programmers)  need¬ 
ed  in  Tallahassee.  FL.  Req. 
Bachelor's  degree  or  equiv.  in 
Comp.  Sci..  Comp.  Engg.,  Math 
or  related  &  2  yrs.  exp.  in  job 
offered  or  in  related  occupation 
as  a  Computer  Professional.  A 
Bachelors  degree  or  equiv.  in 
Computer  Science.  Computer 
Engineering,  Math  or  a  directly 
related  field  &  2  yrs.  of  relevant 
exp.  is  considered  the  equiva¬ 
lent  of  a  Masters  degree.  Equiv¬ 
alency  is  defined  as  determined 
by  properly  evaluated  creden¬ 
tials.  Exp.  must  include  1  yr. 
working  with  Cobol,  CIS,  DB2. 
Duties  include:  Under  supervi¬ 
sion,  develop  &  write  computer 
programs  to  store,  locate  &  re¬ 
trieve  specific  documents,  data 
&  information;  Write  SQR  pro¬ 
grams  to  convert  the  data  from 
legacy  system  into  PeopleSoft 
ERP  system;  Maintain  &  devel¬ 
op  software  applications  for 
Student  Administration  module; 
Solve  technical  problems  related 
to  PeopleSoft  applications; 
Maintain  legacy  system  for  the 
Office  of  Student  Financial  Aid; 
Review  &  process  data  entered 
by  students  for  purposes  of 
record  keeping;  Document  & 
transfer  data  to  the  Office  of 
Student  Financial  Aid;  Work  with 
Cobol.  CICS,  DB2,  JCL,  Java, 
Easytrieve,  C,  HTML  &  Coldfus¬ 
ion;  Confer  with  users  to  under¬ 
stand  &  implement  changes  to 
system  upon  approval  of  super¬ 
visor;  All  work  is  reviewed.  Sev. 
pos.  avail.  40  hrs.  perwk.,  8  AM- 
5  PM;  $46,683/yr.  Send  resume 
to:  Workforce  Program  Support, 
P.O.  Box  10869,  Tallahassee,  FL 
32302-0869,  Ref.  Job  Order 
#FL-2590832. 


Computer/Info  Systems 

Information  Systems 
Professionals 

To  participate  in  analysis,  prob¬ 
lem  solving,  project  design  and 
technical  implementation  for 
major  projects.  Participate  in 
the  timely  and  high  quality 
delivery  of  product;  implemen¬ 
tation,  integration,  design,  cod¬ 
ing,  testing  and  documentation 
of  custom  application  software; 
evaluate  user  requirements 
and  consult  with  design  team 
to  identify  current  procedures 
and  needs;  support  and  train 
end-users.  Technologies/Plat¬ 
forms  used  include  UNIX,  Win¬ 
dows  NT,  SQL  Server,  or  Orac¬ 
le  using  SQL,  C/C++,  Visual 
Basic,  Java,  Cobol  and  other 
appropriate  programming  lan¬ 
guages  in  Client/Server,  Net¬ 
work  and  Mainframe  environ¬ 
ments.  Must  have  a  Bachelors 
degree,  or  its  equivalent.  We 
are  hiring  at  all  experience  lev¬ 
els. 

Please  send  resume  to: 

Human  Resources, 
Knightsbridge  Solutions, 

500  W.  Madison  Ave., 

Suite  3100,  Chicago,  IL  60661 
or 

recruiting@knightsbridge.com 

EOE 


Computer  Professionals:  Wintel 
Systems,  Inc.  needs  top-notch 
professionals  w/consulting  exp. 
in  some  of  the  following  areas  or 
combination  thereof:  Java  tools, 
J2EE,  XML,  Web  Development, 
C,  C++.  VC++.  MFC,  UNIX,  Win 
XP/NT/2000,  Web  Technologies/ 
E-commerce  (CGI,  Perl,  Script¬ 
ing),  PowerBuilder,  AIX,  SCO, 
SCCS,  SVR,  SunSolaris,  Lotus 
Notes,  SQR,  RDBMS,  Oracle, 
SAP,  PeopleSoft,  BAAN,  JD Ed¬ 
wards,  Sybase,  SQL  Server, 
DB2,  OLAP,  Financial  Services 
Exp.  (FIX,  SWIFT,  Protocals), 
Client/Server,  OOD/OOA,  COM/ 
DCOM,  ASP.  Visual  Interdev, 
Coolgen.  Host  Encyclopedia, 
MVS.  JCL,  DB2  and  COBOL, 
Artificial  intelligence.  Knowledge 
Engineering,  Knowledge  Acqui¬ 
sition,  or  Cognitive  Modeling, 
Enterprise  Resource  Planning) 
applications.  Top  $.  Requires 
Master's/Bachelor's  degree  w/1 
to  5  yrs  of  professional  exp. 
Must  be  willing  to  travel  to  client 
sites  throughout  the  U.S, Please 
mail  resume  to:  330  E.  Roose¬ 
velt  Rd.,  Suite  2D1 ,  Lombard,  IL 
60148.  Attn:  Ash. 


Senior  Software  Engineer  to 
work  in  Unified  Database  Envi¬ 
ronment  group  of  Fixed  Income 
Division.  Will  perform  functional 
analysis  for  major  Sybase  pro¬ 
jects  supporting  several  corpo¬ 
rate  initiatives.  Will  be  responsi¬ 
ble  for  multiple  phases  of  the 
project  development  serve  as 
the  key  developer  &  database 
administrator  for  the  team.  Spe¬ 
cific  duties  as  follows:  perform 
independent  technical  analysis 
on  complex  projects;  design 
database  requirements  on  major 
projects;  improve  the  production 
support  cycle  of  the  UDE;  serve 
as  technical  expert  for  Sybase; 
work  with  datamirror  transforma¬ 
tion  server  process  to  subscribe 
data  into  Sybase  database  from 
various  AS400  sources;  provide 
backup  DBA  support  &  replica¬ 
tion  server  support.  Requires 
BSc  or  equiv  in  Computer  Sci¬ 
ence,  Engineering,  Math  or  Phy¬ 
sics  plus  3  years  exper  in  Job 
Offered  OR  3  years  developing 
client  server/web  server  data¬ 
base  applications.  Candidate 
must  also  possess  demonstrat¬ 
ed  expertise  in  the  following: 
Sybase  database  development 
&  administration,  including  phys¬ 
ical  &  logical  database  design, 
query  optimization,  performance 
tuning  &  writing  database  ob¬ 
jects  --  stored  procedures  and 
triggers;  in  PERL  and  UNIX  shell 
scripting,  and  Object  Orientated 
analysis  and  design  using  Java 
and  C++;  and  in  datamirror  real¬ 
time  transformation  server  pro¬ 
cess  and  its  functionality  across 
platforms.  Sal:  $85,400/yr,  M-F, 
9AM-5PM.  Send  2  resumes  to 
Job  Order  #2003-343,  PO  Box 
989,  Concord,  NH  03302-0989. 
EOE.  Applicants  must  be  U.S. 
workers  eligible  to  accept  full¬ 
time  employment  in  U.S. 


SVAPTECH  SYSTEM  INC. 

Software  Engineer 

40hrs  per  week,  9am-5pm, 
$79,450  per  year.  The  job  is 
located  in  Melbourne  Florida. 
Requires  a  Master's  Degree  in 
Electronics,  Engineering,  Sci¬ 
ence,  Computer  Science,  or  it's 
Equivalent  &  3  years  experience 
in  job  offered  position  or  3  years 
experience  in  related  occupation 
in  Applications  Analyst/Program¬ 
mer.  Employer  will  accept  a 
Bachelor's  Degree  &  5  years  of 
Progressive  experience  in  the 
relevant  field  in  Lieu  of  a 
Master's  degree  &  3  years  expe¬ 
rience.  Analyze,  design,  devel¬ 
op,  test  &  integrate  software 
application  requirements  to  pro¬ 
vide  high  &  low  interfaces  in 
conjunction  with  hardware  using 
SQL,  PL/SQL,  XML,  UML, 
PRO‘C,  Rational  Clearcase, 
CVS.  Job  Duties:  Use  object  ori¬ 
ented  database  &  offline  rela¬ 
tional  database  as  backend  to 
handle  inventory  details.  Im-ple- 
ment  &  test  designs  in  program¬ 
ming  languages  like  C++  & 
Java.  Troubleshoot/repair  sys¬ 
tem  issues,  perform  system  up 
grades.  Send  resume  to  Agency 
for  Workforce  Innovation,  P.O. 
Box  10869,  Tallahassee,  FL 
32302.  RE  JO  FL#2591510. 


SW  Engineers  (Apps)  (National 
Placement  -  2  )  Perform  project 
execution  and  handle  team  de¬ 
sign  and  implement  SW  APPS. 
Analyze  system  &  customer 
reqmts  to  Design  and  Develop 
the  client  applications  that  meet 
the  business  reqmts  outlined  by 
the  clients.  Setup  application 
environment  &  project  structure 
including  the  team  mgmt  mod¬ 
els.  5  years  Exp.  in  related 
fields  and  a  min  Bachelor  in 
Computer  Science  or  Engg. 
Position  1  is  Java  Developer: 
Java/J2EE,  EJB  2.0,  UML, 
WSAD  5.X,  HTML,  MVC  Posi¬ 
tion  2  Microsoft  .NET  develop¬ 
er:  VB.NET,  ASP.NET,  Web 
Services,  XML,  SQL  server. 
Must  be  Microsoft  Certifed  Solu¬ 
tions  Developer  &  Microsoft 
Certified  Professional,  $70,500/ 
yr,  40  hrs/wk,  9a  -  6p.  Send 
resumes,  listing  Job  Order  # 
WEB484133  to  Site  Director, 
Pittsburgh/Allegheny  County 
CareerLink,  ATTN:  CL  Program 
Supervisor,  425  Sixth  Avenue, 
Suite  2200,  Pittsburgh,  PA 
15219-1837. 


Education  &  Human  Develop¬ 
ment  Department  of  Lamar 
University  in  Beaumont,  Texas, 
has  a  vacancy  for  a  Sr, 
Technical  Support  Analyst  to 
design,  implement  and  maintain 
customized  electronic  portfolios 
for  educator  preparation  stu¬ 
dents  and  programs  based  upon 
NCATE  accreditation  standards 
and  to  integrate  SBEC  and 
INTASC  protocols  and  stan¬ 
dards  within  e-portfolios. 
Master's  degree  preferred, 
Bachelor's  degree  required,  with 
an  emphasis  in  graduate  level 
computer  and  management 
courses.  Requires  one  year 
work  experience  in  IT  field 
preferably  in  a  university  based 
environment.  For  consideration, 
all  applicants  should  list  three  to 
five  samples  of  their  work  per¬ 
taining  to  the  above  require¬ 
ments,  and  official  transcripts 
are  required  at  the  time  of 
employment.  Please  send 
resumes  to  Human  Resources, 
Lamar  University,  P.O.  Box 
11127,  Beaumont,  TX  77710. 
AA/EEO  Employer. 


Internet  Development  Analyst. 
Responsible  for  planning,  developing 
and  deploying  eBusiness  applications 
and  technologies  in  support  of 
Roche's  business  activities. 
Specifically:  Develop-ing  new  web 
applications,  as  well  as  extensions, 
modifications  and  interfaces  to  exist¬ 
ing  eBusiness  applications;  Providi¬ 
ng  technical  expertise  and  analysis 
support  to  customers  wishing  to  make 
use  of  eBus-iness  technologies, 
Performing  process  analysis,  design 
of  application  architectures,  code  writ¬ 
ing  and  unit  testing;  Leading  large 
development  projects  requiring  in- 
depth  knowledge  of  complex  devel¬ 
opment  languag-es,  function  and 
interface  de-sign;  Communicating 
and  coordinating  with  end  users,  con¬ 
tractors,  system  administrators  and 
other  development  or  maintenance 
personnel  Prior  experience  must 
include  database  migration  and 
development  of  multiple  ecommerce 
web  applications.  The  position 
requires  an  BS  in  Electronics  or 
Computer  Engineering  and  5  years  in 
the  job  offered  or  5  years  of  pro¬ 
gram/system  analysis.  Submit 
resume  and  social  security  number 
to:  Kathy  Sanders,  Roche 

Diagnostics,  9115  Hague  Road, 
Indianapolis,  IN  46250.  No  phone 
calls  please. 


Software  Professionals  in  pro¬ 
gramming/analysis,  systems  an¬ 
alysis,  QA  engineering  &  testing, 
software  engineering,  systems 
administration,  and  related  fields 
at  all  levels,  including  project 
lead  and  manager,  with  relevant 
bachelor's  degree/equivalent. 
Also  seeking  Business  Develop¬ 
ment  Managers,  Business  De¬ 
velopers,  Business  Analysts, 
Market  Research  Analysts, 
Sales  Engineers,  Technical  Re¬ 
source  Management  profession¬ 
als  (several  levels.  Associates/ 
Sr.Executives/Manager)/Senior 
level  positions  require  graduate 
degree/equivalent.  May  be  relo¬ 
cated  for  short  and  long  term 
assignments  throughout  the 
U.S.A.  Zensar  Technologies, 
Inc.,  One  North  LaSalle,  Suite 
3650,  Chicago,  IL  60602.  Send 
resume  &  cover  letter  detailing 
position  sought  &  relevant  expe¬ 
rience  to  balu@usa.zensar.com. 
Please  quote  reference  CW/01/ 
05  Zensar  in  all  your  mails. 


Software  Engineer  (with  Ba¬ 
chelors  degree  plus  5  years 
experience)  -  Columbus,  OH. 
Job  entails  and  requires  expe¬ 
rience  in  designing  applica¬ 
tions  using  SQL  Server, 
Visual  Basic,  DHTML,  ASP 
and  Java  Script;  development 
using  Oracle,  XML,  Visual 
Interdev  and  Unix.  Relocation 
within  USA  Possible.  Attract¬ 
ive  compensation  package. 
Send  resume  to  Priya  Venkat, 
Technology  Software  Inc., 
1515  Bethel  Rd.,  Suite  304, 
Columbus,  OH  43220. 


Programmer/Analyst  (multiple 
positions)  needed  for  Software 
Development,  Sen/ices  &  BPO 
firm  located  in  Burlington,  VT. 
Job  duties  include:  Analyze,  de¬ 
sign,  develop,  code,  implement 
and  test  speech  processing  soft¬ 
ware  and  applications  in  Win¬ 
dows  and  UNIX  environments 
with  relational  databases  such 
as  Oracle,  DB2,  or  Sybase.  Ap¬ 
plicant  must  have  B.S.  degree  in 
Computer  Science,  Business, 
Math  or  Engineering.  Applicant 
must  also  have  2  yrs.  exp.  in  the 
job  duties  described  above  or  in 
any  computer  related  occupa¬ 
tion  which  must  include  design¬ 
ing  and  developing  speech  pro¬ 
cessing  software  in  both  UNIX 
and  Windows  environments  and 
including  a  min.  of  1  yrs.  of  Or¬ 
acle,  DB2,  and  Sybase.  40hrs/ 
wk,  8am-5pm,  M-F,  $57,008/yr. 
Send  resumes  to:  Job  No. 
30274,  P.O.  Box  488,  Montpel¬ 
ier,  VT  05601-0488. 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis,  TN:  Senior  Business  Sy¬ 
stems  Analyst.  Develop  major 
applications  systems  require¬ 
ments,  testing  and  controls. 
Requirements:  Bachelor’s  de¬ 
gree  or  equivalent*  in  business, 
computer  science,  engineering, 
mathematics,  MIS  or  related 
field,  plus  5  years  of  experience 
in  systems  planning  and  design 
or  systems  development  and 
integration.  Experience  with: 
software  development  using 
Visual  Basic.Net  or  ASP.Net; 
database  administration  using 
SQL;  and  STAR  scheme  data 
warehousing  also  required. 
"Master's  degree  in  appropriate 
field  will  offset  2  years  of  gener¬ 
al  experience.  Submit  resumes 
to  Jay  Carlson,  Federal  Express 
Corporation,  3680  Hacks  Cross 
Road,  Bldg  H-2nd  Floor,  Mem¬ 
phis,  TN  38125.  EOE  M/F/D/V. 


Software  Engineer 

Develop,  create  &  modify  soft¬ 
ware  apps,  etc.  Customize  soft¬ 
ware  &  optimize  oper.  efficiency 
etc.  Must  have  Masters  degree 
or  Bachelors  plus  five  years  of 
progressively  resp.  exper,,  incl. 
at  least  2  yrs  of  demonstrable, 
prof,  exper.  using:  Oracle,  Pow¬ 
erBuilder,  MSAccess2000,  Infor- 
matica,  PVCS,  Toad,  Bethnic 
Software,  Sco  Unix,  Unix  Shell 
Script,  Java,  Unify,  Visual  Basic, 
&  SQL.  $75, 000/year,  FAT,  hrs 
vary.  Send  res.  to  Greene  Cty. 
Careeriink,  Attn:  Site  Admin.,  4 
W.  High  St.,  Waynesburg,  PA 
15370-1324.  Ref.  Job  Order  # 
WEB  483818. 


Programmer  Analyst:  Provide 
conceptual  data  processing  so¬ 
lutions  to  customer  business 
problems  in  mission  critical  sys¬ 
tems  such  as  customer  billing, 
customer  svee.,  marketing  info, 
systems  &  service  &  materials  & 
financial  systems.  Support  the 
application  systems  planning 
process.  Analyze  existing  sys¬ 
tems  &  procedures  &  determine 
the  feasibility  of  data  processing 
applications.  Master's  in  Com¬ 
puter  Science  or  a  closely  relat¬ 
ed  field.  Resume  to  Ali  Zakir, 
Supna  Corp.,  5500  Oakbrook 
Pkwy,  Ste  120,  Norcross,  GA 
30093. 


KPK  Technologies  Inc  has  im¬ 
mediate  openings  for  IT  consul¬ 
tants  to  fill  various  positions  to 
customize  applications,  datbase 
system,  software  using  Java, 
DB2,  Oracle,  VB,  Web- 
logic/Websphere,  etc.  Good 
wages.  Travel  required.  Please 
contact  lnfo@kpktech.com. 
EOE. 

Sage  IT  is  looking  for  IT  profes¬ 
sionals  to  develop  applications 
using  Cognos  Impromptu,  Pow- 
erPlay,  ReportNet,  SQL,  Oracle, 
Tera  data  (NCR),  Sybase,  Es- 
base,  DB2,  Red  Bricks,  Inform¬ 
atics,  Data  Stage,  Ab  Initio,  Web 
Logic/Sphere,  JSP,  ASP.  Min. 
BS  w/  exp.  Please  contact 
info@saaeitinc.com.  EOE. 


PROJECT  MANAGER.  Manage 
all  aspects  of  a  software  devel¬ 
opment  project  throughout  the 
development  process  utilizing 
the  Rational  Unified  Process 
(RUP)  methodology  and  project 
management  software  tools. 
Communicate  project  status  and 
issues  to  the  customer  and  to 
management.  Ensure  that  goals 
and  objectives  of  projects  are 
accomplished  within  prescribed 
time  frames;  Confer  with  project 
staff  to  outline  work  plan  and  to 
assign  duties,  responsibilities, 
and  scope  of  authority.  Require: 
Bachelor's  or  foreign  degree 
equivalent  in  Computer  Science, 
Electronic  Engineering,  or  a 
closely  related  field,  with  3  years 
of  experience  in  the  job  offered 
or  in  software  development. 
Experience  must  include  2  years 
using  RUP  and  Configuration 
Management  Software  (PVCS). 
Paid  travel  on  long  or  short  term 
assignments  to  various  unantici¬ 
pated  client  sites  within  the  U.S. 
is  required.  Send  resume  to:  Re¬ 
cruiter-Human  Resources,  Para¬ 
gon  Solutions,  3625  Brookside 
Pkwy,  Suite  300,  Alpharetta.  GA 
30092.  (No  Phone  Calls  Please) 


Market  Analyst  -  Inf  I,  E-Com- 
merce/B2B:  Conduct  mkt  re¬ 
search  for  computer  products  & 
services  to  determine  potential, 
maintain  &  improve  int'l  sales  & 
mkt  penetration.  Establish,  de¬ 
sign  &  administer  formats  for 
mkt  research  &  analysis,  pre¬ 
pare  reports  &  analyses,  &  use 
to  help  determine  mkting  strate¬ 
gy  &  focus.  Coordinate  w /  "back 
end"  operation  overseas.  Follow 
up  to  determine  effectiveness  of 
methods  &  efforts  of  competi¬ 
tors.  BA  or  equiv  +  2  yrs,  1  in 
int'l/foreign  markets.  Respond  to 
HR  Administrator,  En  Pointe 
Technologies,  100  N  Sepulveda 
Blvd,  19th  fT,  El  Segundo,  CA 
90245. 
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Programmer/Analyst  (multiple 
positions)  needed  for  Software 
Development,  Services  &  BPO 
firm  located  in  Burlington,  VT. 
Job  duties  include:  Provide  tech¬ 
nology  development  solutions 
for  middleware  applications  and 
integration  of  various  legacy 
software  with  business  applica¬ 
tions  like  SAP,  MQSeries,  MS 
Integrator,  Java,  and  WebSphe¬ 
re  Application  Server.  Perform 
work  as  part  of  a  team.  Applicant 
must  have  B.S.  degree  in  Com¬ 
puter  Science,  Business,  Math 
or  Engineering.  Applicant  must 
also  have  1  yr.  exp.  in  the  job 
duties  described  above  or  in  any 
computer  related  occupation 
which  must  include:  1  yr.  of  exp. 
w/MQ  Series  applications  and 
tools  and  a  min.  of  3  mos.  With 
the  specific  skill  sets  listed 
above.  40hrs/wk,  8am-5pm,  M- 
F,  $65,000/yr.  Send  resumes  to: 
Job  No.  30294,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 

Programmer/Analyst  (multiple 
positions)  needed  for  Software 
Development,  Services  &  BPO 
firm  located  in  Burlington,  VT. 
Job  duties  include:  Analyze, 
design,  develop  and  implement 
computer  applications  for  clients 
located  throughout  the  U.S. 
Develop  Java  based  applica¬ 
tions  using  ATG  Dynamo  on  a 
Websphere  Application  server. 
Use  Rational  Rose,  SQL, 
PL/SQL,  and  DB2.  Perform  work 
as  part  of  a  team  under  direct 
supervision.  Applicant  must 
have  B.S.  degree  in  Computer 
Science,  Business,  Math  or 
Engineering.  Applicant  must 
also  have  6  mos.  exp.  in  the  job 
duties  described  above  or  in  any 
computer  related  occupation 
which  includes  the  skills  listed 
above  40hrs/wk,  8am-5pm,  M- 
F,  $65,000/yr.  Send  resumes  to: 
Job  No.  30301,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 

SVAPTECH  SYSTEM  INC 
Software  Engineer 

40hrs  per  week,  9am-5pm, 
$80,000  per  year.  Requires  a 
Master  Degree  in  Science  or 
Computer  Science.  Must  have  2 
years  exp.  in  job  offered.  Duties: 
Analyze,  design,  develop  and 
test  software  applications  in  con¬ 
junction  w/hardware  using  lan¬ 
guages  like  C,  C++,  Java  SQL, 
PL/SQL,  Shell  on  Unix.  Program 
Database  applications  in  Oracle. 
Program  user  interfaces.  Per¬ 
form  IPC  &  network  program¬ 
ming  enhance  and  fix  bugs  in 
existing  software.  Analyze  soft¬ 
ware  requirements  to  determine 
feasibility  of  time  &  cost.  Job  to 
be  performed  at  Melbourne,  FL. 
Send  resume  to  Agency  for 
Workforce  Innovation,  P.O.  Box 
10869,  Tallahassee,  FL  32302- 
JOFL#  2589139. 

Seeking  qualified  applicants  for 
the  following  positions  in  Miami, 
FL:  Senior  Process  Imnrove- 
ment  Svstems  Analvst.  Desion. 
develop  and  maintain  databases 
and  web-based  reporting  sys¬ 
tems  for  operations  process 
improvement  functions.  Req¬ 
uirements:  Bachelor's  degree* 
or  equivalent  in  computer  sci¬ 
ence,  MIS  or  related  field  plus  5 
years  of  experience  in  offered 
position  or  in  data  collection,  sta¬ 
tistics  and  data  analysis. 
Experience  with  either  SQL, 
Oracle  or  MS  Access  also 
required.  Must  be  fluent  in  oral 
and  written  Spanish.  25%  inter¬ 
national  travel  required. 

'Master's  degree  in  appropriate 
field  will  offset  2  years  of  gener¬ 
al  experience.  Submit  resumes 
to  Anre  Garrett,  Federal  Express 
Corporation,  701  Waterford 
Way,  Suite  1000,  Miami,  FL 
33178.  EOE  M/F/D/V. 

Seeking  qualified  applicants  for 
the  following  positions  in 
Collierville.  TN:  Senior  Proar- 
ammer  Analvst.  Formulate/ 
define  functional  requirements 
and  documentation  based  on 
accepted  user  criteria.  Req¬ 
uirements:  Bachelor’s  degree* 
or  equivalent  in  computer  sci¬ 
ence,  MIS,  applied  mathemat¬ 
ics,  engineering  or  related  field 
plus  5  years  of  experience  in 
systems/applications  develop¬ 
ment.  Experience  with  J2EE, 
CORBA  and  database  develop¬ 
ment  also  required.  ’Master's 
degree  in  appropriate  field  will 
offset  2  years  of  general  experi¬ 
ence.  Submit  resumes  to 
Kamlesh  Dhaliwal,  FedEx 
Corporate  Services,  101  N 
Sepulveda  Blvd.,  3rd  Floor,  El 
Segundo,  CA  90245.  EOE 
M/F/DA/. 

SYSTEMS  SOFTWARE  ENGI¬ 
NEER  to  provide  on-site  consul¬ 
tancy  to  analyze,  design,  devel¬ 
op  and  implement  systems  soft¬ 
ware  in  web  architecture  using 
Java,  WebMethods  and 

RDBMS,  Oracle  and  Web¬ 
Sphere  for  distributed  network 
systems  in  Unix  and  Windows 
environment.  Require:  Master  in 
Computer  Science/Electronics 
Engineering/Mathematical 
Science.  Coursework  must 
include  Website  Programming, 
Networking,  Database  Manage¬ 
ment  and  Software  Engineering. 
40%  travel  to  client  sites  within 
the  United  States  required. 
Competitive  salary  and  benefits, 
40-hours/week.  Apply  with 
resume  to:  Human  Resource 
Manager,  4C  Solutions,  Inc., 
1201  7th  Street,  East  Moline,  IL 
61244. 

Computer:  Asst.  Mngrs.  needed. 
Seeking  qual.  candidates  pos¬ 
sessing  MS/BS  or  equiv.  and/or 
rel.  work  exp.  Part  of  the  req.  rel. 
exp.  must  include  3  yrs.  working 
w/  WebMethods  and  1  yr  work¬ 
ing  w /  SAP.  Exp.  can  be  simult. 
Duties  include:  Design,  dev,  & 
analyze  comp,  soft,  applic.  & 
syst.  Set  guidelines  &  time 
frames  &  monitor  various  phas¬ 
es  of  projects.  Work  w/ 
WebMethods,  SAP,  C++,  VC++, 
HTML,  &  XML.  Fwd.  res.  &  ref. 
to  Hyundai  Motor  Manufac¬ 
turing  Alabama,  700  Hyundai 
Blvd.,  Montgomery,  AL  36105. 

Computer:  Asst.  Mngrs.  need¬ 
ed.  Seeking  qual.  candidates 
possessing  MS/BS  or  equiv. 
and/or  rel.  work  exp.  Part  of  the 
req.  rel.  exp.  must  include  3  yrs. 
working  w /  WebMethods  and  1 
yr  working  w /  SAP.  Exp.  can  be 
simult.  Duties  include:  Design, 
dev.  &  analyze  comp,  soft 
applic.  &  syst.  Set  guidelines  & 
time  frames  &  monitor  various 
phases  of  projects.  Work  w / 
WebMethods,  SAP,  C++,  VC++, 
HTML,  &  XML.  Fwd.  res.  &  ref. 
to  Hyundai  Motor  Manufactur¬ 
ing  Alabama,  Attn:  Lynne  Zaris, 
700  Hyundai  Blvd.,  Montgom¬ 
ery,  AL  36105. 

Programmer  Analyst 

Design,  develop,  test  &  deploy 
IT  solutions  for  B2B  environ¬ 
ment.  Must  have  Bachelors 
Degree  or  foreign  equiv.  in 
Computer  Science  or  Eng.  in  a 
related  field  &  2  yrs.  exp.  or  2 
yrs.  exp.  in  a  related  position 
w/ability  to  use:  Java,  Java 
Beans,  UNIX,  Tomcat,  PL/ 
SQL  &  Oracle.  40.0  hrs./wk 
9:00  AM  -  6:00  PM.  Applicants 
send  cover  letter  and  resume 
to:  SRA  Systems, 1945  Cliff 
Valley  Way,  Suite  270,  Atlanta, 
GA  30329,  Attn:  S.  Srinivasan. 

Quality  Assurance  Analyst  (NJ): 
Eval  &  test  new  or  modified 
s/ware  prgms  &  s/ware  dvlpmt 
procedures  used  to  verify  that 
prgms  function  accdg  to  busi¬ 
ness  reqmts,  functional  specs  & 
conformity  w/establishment 

guidelines:  Write,  revise  &  verify 
test  procedures  for  prgm  dsgn  & 
product  eval  to  attain  qlty  of 
s/ware  efficiently.  Execute  GUI, 
Functional,  Integration,  Regr¬ 
ession  &  Performance  test  pro¬ 
cedures  on  applies.  Analyze  test 
results  for  accuracy  &  continuity 
in  s/ware  &  maintain  reports. 
Bach  in  Comp  Sci  or  Engg  &  2 
yrs  exp  in  job  offd  reqd.  Fax 
resume  to  HR  at  201-295-7552. 

Software  Engineer  (Java  Archi¬ 
tect  -  Applications)  (National 
Placement)  Experience  in  analy¬ 
sis,  design,  architecture,  requ¬ 
irement  gathering,  development 
and  maintenance  of  customized 
J2EE  applications;  Must  have 
Bachelor's  Degree  in  Informa¬ 
tion  Technology  or  Computer 
Science  or  Electronics  and  mini¬ 
mum  8  years  of  related  experi¬ 
ence.  Also  should  be  BEA 
Certified  in  Java.  Architect  with 
Java/J2EE,  JAXP,  SAX,  XML. 
Oracle,  DB2,  Weblogic  Portal 
8.1,  LDAP.  $85,000/yr,  40  hrs / 
wk,  9a  -  6p.  Send  resumes,  list¬ 
ing  Job  Order  #  WEB483531  to 
Site  Manager,  Beaver  County 
CareerLink,  2103  Ninth  Avenue. 
Beaver  Fails,  PA  15010-3957. 

Software  Engineers  needed.  MS 
or  equiv.  and/or  rel.  work  exp. 
Exp.  must  incld.  1  yr.  working 
w/Java,  J2EE,  &  Oracle.  Duties 
include:  Research,  Design, 
Develop,  &  Implement  complex 
systems  appl.  Provide  functional 
&  empirical  analysis  related  to 
design,  development,  &  imple¬ 
mentation  of  automated  informa¬ 
tion  systems.  Must  be  willing  to 
travel  to  client  sites  &  train  users 
at  various  locations  for  different 
long  &  short  term  projects.  Work 
W/C++,  DBA,  Unix,  &  Shell 
Scripts.  Send  resume,  ref.,  and 
sal.  req.  to  Business  Integra, 
7018  Mathew  St.,  Greenbelt, 
MD  20770. 

Websphere  Administrators  to 
configure,  install  and  administer 
WebSphere  Application  Server, 
IIS,  Nokia  Wap  Serve  etc;  create 
and  manage  the  connection 
pools  of  the  WebSphere  and 
cluster;  run  korn  jobs  in  AIX  to 
generate  reports;  analyze  UML 
design  patterns  using  Rational 
Rose;  perform  appl  support  in 
testing,  identifying  issues  and 
tracking  bugs  and  solving  prob¬ 
lems.  Require  BS  or  foreign 
equiv  in  CS/Computer  Engg  with 
6  months  exp  in  Websphere 
administration.  Travel  involved. 
F/T  position,  competitive  salary. 
Resume  to:  HR,  Koneru  Soft¬ 
ware  Services,  333  Swanson 
Dr.,  Ste  124,  Lawrenceville,  GA 
30043. 

WebSphere/Unix  Consultant 
(CCNA)  needed  at  client  sites  to 
install,  configure  WebSphere 
Appl  on  SUN  Solaris,  AIX,  Linux 
Enterprise  server;  troubleshoot 
WebSphere  in  Unix,  manage  & 
diagnose  JDK/J2EE,  IBM  DB2, 
MQ  JMS  related  issues;  man¬ 
age  diverse  UNIX  platforms 
(Solaris,  AIX,  Linux);  manage, 
maintain  Cisco  routers,  switch¬ 
es,  firewall;  support  VPN;  per¬ 
form  SSO  &  security  implmtn 
w/Netegrity  Siteminder.  Resume 
to:  Global  Consultants,  Attn 
Hireme,  25  Airport  Rd, 
Morristown,  NJ  07960 

Systems  Analyst  ll-Newnan, 
GA--Req.  B.S.  Computer  Sci., 
Info.  Tech.,  or  related  field  +  5 
yrs  exp.  w/Oracle  Decision 
Support  System  design  &  devel¬ 
opment.  To  include  3  yrs  exp. 
w/Solomon.  HP-UX  Unix,  and 
e'Commerce.  Must  be  Oracle 
Certified  DBA  &  Oracle  Certified 
Internet  Application  Developer. 
Exp.  may  be  gained  concurrent¬ 
ly.  May  also  hold  a  M.S. 
Computer  Sci.,  Info.  Tech.,  or 
related  field  &  3  yrs  of  above 
experience.  Resumes  to:  Ms 
Kim  Bunch,  Job  Reference 
#PR04-2005,  Yokogawa  Corpor¬ 
ation  of  America,  2  Dart  Road, 
Newnan,  Georgia  30265. 
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Tuesday 

continued  from  page  1 

day  that’s  filled  with  coffee,  work 
and  more  work. 

“We  know  we  won’t  get  any 
sleep  when  it’s  Patch  Tuesday?’ 
says  Michael  Murray  director  of 
nCircle’s  Vulnerability  &  Expo¬ 
sure  Research  Team  (VERT), 
whose  engineers  rarely  go  home 
before  2  a.m.on  the  big  day 

Microsoft  last  year  released  45 
security  bulletins  and  patches;  18 
of  them  deemed  “critical”  (the 
highest  rating)  and  19  “impor¬ 
tant”  (the  second-highest). 
October  was  the  busiest  and 
most  crucial  month,  as  Microsoft 
hit  customers  with  10  patches, 
seven  rated  “critical." 

As  soon  as  Microsoft  releases 
its  patches,  nCircle’s  program¬ 
mers  in  San  Francisco  and  Toron¬ 
to  begin  unraveling  the  fixes.  It’s 
a  race  between  them  and  hack¬ 
ers  who  might  be  doing  the 
same. The  engineers  have  24 
hours  to  meet  service-level 
agreements  with  their  customers 
to  determine  what  has  changed 
in  the  software  and  to  deliver 
tests  that  the  customers  can  use 
to  decide  whether  their  systems 
need  to  be  patched. 

Microsoft  doesn’t  publicize  the 
changes,  so  that  exploits  for  the 
vulnerabilities  can’t  be  created 
—  not  immediately  anyway 

Knowing  Microsoft’s  patch 
schedule  lets  the  programmers 
mentally  prepare  for  Patch  Day 
Murray  is  based  at  nCircle’s 
Toronto  office,  but  for  Patch 
Tuesday  on  Dec.  14, 2004,  he’s  at 
the  San  Francisco  facility 

The  day  begins  on  a  promising 
note:  Microsoft  is  5  minutes 
early,  issuing  its  patches  at  10:05 
a.m.  Four  VERT  engineers  in  San 
Francisco  gather  at  the  compa- 
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ny’s“war  room,”  a  tiny  office 
that’s  barely  large  enough  to 
house  a  table  that  sits  eight  peo¬ 
ple.  Nine  engineers  in  Toronto 
wait  for  Murray  to  open  the 
phone  bridge,  which  will  stay 
open  all  day 

Microsoft  has  issued  five  patch¬ 
es,  each  rated  “important.”  Murray 
his  FbwerBook  perched  on  the 
table  amid  cables,  two  digital 
projectors  and  the  conference 
call  unit,  clicks  between  the 
pages  Microsoft  has  posted 
about  the  vulnerabilities  and 
patches.  He  scribbles  on  a  white¬ 
board  the  vulnerabilities  and 
their  Microsoft-assigned  num¬ 
bers, “041  Wordpad,042  DHCP 
043  Hyperterminal,  044 

C  5 

More  on  patching 

•  Look  to  next  week's  issue  for 
a  special  collection  of  features 
on  patch  management. 

•  View  the  patch  management 
showdown  we  hosted  online 
in  November. 
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Kernel/LSSAS,  045  WINs.”  He  puts 
a  cross  next  to  each  of  the  five  to 
denote  that  they  are  all  “locals,” 
meaning  that  they  could  be  ex¬ 
ploited  via  e-mail  or  by  people 
on  the  system.  Next  to  the  Dy¬ 
namic  Host  Configuration  Proto¬ 
col  (DHCP)  and  WINs  vulnerabil¬ 
ities  are  two  more  crosses,  denot¬ 
ing  that  they  are  also  “remotes” 

—  services  that  are  accessed 
remotely 

“I’ll  buy  lunch  for  anyone  who 
writes  an  exploit  forWordpad,” 
quips  Christian  Hunt,  manager  of 
VERT  in  San  Francisco.  Murray 
assigns  teams;  all  the  “locals”  will 
go  to  the  Toronto  engineers,  and 
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San  Francisco  will  take  the  “re- 
motes.”The  teams  are  scheduled 
to  meet  every  three  hours. 

Back  at  their  cubicles  just  out¬ 
side  the  war  room,  the  engineers 
download  the  patches  onto  an 
instance  of  the  affected  operat¬ 
ing  system  that  they’ve  created 
using  VMware’s  emulation  soft¬ 
ware.  They  grab  the  binaries  from 
the  patches  and  load  them  into 
the  IDA  Pro  disassembler  tool 
from  DataRescue.  IDA  reveals  the 
lines  of  code  written  by  Micro¬ 
soft  programmers,  and  nCircle 
engineers  pore  over  the  evi¬ 
dence  to  pick  out  the  differences 
in  the  patched  and  unpatched 
software. 

The  engineers  jump  back  and 
forth  from  their  cubes  to  the  war 
room,  where  Murray  and  Jeremy 
Cooper,  a  senior  software  engi¬ 
neer,  are  sitting,  swapping  notes 
and  advice.  Sometimes  the  engi¬ 
neers  will  communicate  via  In¬ 
ternet  Relay  Chat  or  cell  phones 
—  even  though  they  are  in  the 
same  building.  Other  times  they 
un-mute  the  bridge  with  Toronto 
(this  is  most  often  done  by  Hunt, 
who  mercilessly  teases  his  Ca¬ 
nadian  colleagues).  By  1 1:45 
a.m.,  the  tests  for  041  and  043  are 
ready  for  quality  assurance,  and 
Murray  orders  pizza. 

Cooper  and  Hunt  are  working 
on  the  DHCP  vulnerability  Coo¬ 
per  has  attached  his  laptop  to 
the  projector  and  is  looking  at 
the  DHCP  patch  that  IDA  has  dis¬ 
assembled.  He  notices  that  there 
are  41  procedures  of  the  DHCP 
that  can  be  queried  directly  from 
the  network,  but  he  sees  some¬ 
thing  else  that  could  lead  to  his 
first  clue.  Procedure  No.  28  is  “Get 
DHCP  version  number’  He 
knows  Microsoft  often  renames 
version  numbers  in  the  executa¬ 
bles  of  patched  software,  and  if 
the  patched  and  unpatched  ver¬ 
sions  of  the  DHCP  show  different 
DHCP  daemon  version  numbers 
that  would  be  a  huge  turning 
point  for  Cooper  and  Hunt. 

But  then  Hunt  discovers  that 
the  unpatched  version  of  DHCP 
has  only  29  procedures  that  can 
be  queried. These  are  the“a-ha” 
moments  that  keep  the  program¬ 
mers  interested. “This  isn’t  work; 
it’s  fun  with  a  paycheck,”  says 
Cooper,  the  resident  disassem¬ 
bling  expert,  who  in  his  spare 
time  writes  code,  plays  computer 
games  and  is  a  member  of  a  reg¬ 
gae  band. 

By  12:50  p.m.,  the  Toronto  team 
has  finished  creating  the  rules 
that  will  make  up  the  tests  for  all 
the  “locals"  and  is  waiting  to  put 
them  through  quality  assurance. 
The  Canadian  team  thinks  the 


Mark  your 
calendar 

Microsoft  last  year 
released 


security  bulletins  and 
patches,  18  of  them 
deemed  “critical”  (the 
highest  rating)  and  19 
“important”  (the 
second-highest). 


tests  will  be  customer-ready  two 
hours  after  they  pass  quality 
assurance. 

By  2:05  p.m.,  the  air  is  getting 
dry  in  the  San  Francisco  war 
room;  projectors  and  laptops  are 
spewing  hot  air,  and  pizza  crusts 
and  empty  soda  cans  litter  the 
table.  Hunt  is  sitting  beside 
Cooper  and  both  have  their  lap¬ 
top  screens  projected  on  the 
wall  to  show  the  code  for  the 
unpatched  and  patched  DHCP 
They’ve  finished  writing  a  pro¬ 
gram  to  call  up  Procedure  28 
and  are  waiting  for  another  engi¬ 
neer  to  create  a  DHCP  test  envi- 
ronment.To  while  away  the  time, 
Hunt  returns  to  teasing  his 
Canadian  colleagues,  who  keep 
forgetting  to  mute  their  phone 
connection. 

NCircle  keeps  a  range  of  popu¬ 
lar  operating  systems,  including 
Linux,  NetWare  and  Solaris,  run¬ 
ning  in  its  test  lab,  but  it  has  to  be 
able  to  mirror  most  customer 
environments,  however  antiquat¬ 
ed. The  company  scours  eBay 
and  flea  markets  for  old  soft¬ 
ware,  and  Murray  says  the  oddest 
recent  customer  request  has 
been  to  test  a  NetWare  3  environ- 
ment.“But  getting  old  software  is 
less  difficult  than  finding  old 
hardware  to  run  it,”  he  says. 

At  2:55  p.m.,  the  test  packages 
for  041  and  042  are  through  qual¬ 
ity  assurance  and  tests  for  the 
rest  of  the  locals  are  in  quality 
assurance. The  rules  for  the 
remotes  of  045  and  042  are  still 
being  developed.  Murray  says  the 
teams  don’t  compete  with  each 
other;  rather  they  compete  with 
the  times  of  the  previous 
months.The  record  for  tests  to  be 
finished  and  ready  for  shipping 
is  four  hours  for  locals  and  six 
hours  for  remotes,  Murray  says. 

Hunt  and  Cooper  think  the 
DHCP  daemon  version  number 
has  changed  from  1 . 1  in  the 
unpatched  version  to  4.1  in  the 
patched.They  use  their  test  pro¬ 
gram  to  call  up  Procedure  28  — 


but  wait!  They  discover  a  huge 
mistake  that  would  wreak  havoc 
on  customers’  networks  if  the 
customers  made  the  same  error. 
The  test  has  delivered  a  deriial- 
of-service  attack  to  the  test  sys¬ 
tem  by  calling  up  the  wrong  pro¬ 
cedure.  Everyone  runs  to  the  test 
machine  at  an  engineer’s  cube 
to  view  the  dreaded  Dr.  Watson 
screen.“Dude,we  found  another 
vulnerability!”  they  exclaim. 

The  second  attempt  at  calling 
Procedure  28  on  the  unpatched 
version  is  successful:  The  version 
number  is  showing  1.1.  But  the 
test  of  the  patched  version  is  also 
showing  1.1. That’s  not  good.  It 
turns  out  human  error  was  to 
blame  again,  as  the  wrong  patch 
had  been  applied  to  the  test 
environment.The  next  attempt  is 
successful,  and  everyone  is 
relieved.“OK,  dump  it  and  make 
it  into  a  rule,”  Murray  says  to 
Cooper. The  detective  part  of  the 
work  is  done,  and  the  situation  is 
like  “Hawaii  Five-O’s”  Steve  Mc- 
Garrett  saying:“Book  him, 

Danno.” 

The  time  is  4:45  p.m.“It  should 
just  take  me  30  minutes  to  turn 
this  into  a  rule,”  Hunt  says.  But 
coffee  and  a  cigarette  break 
come  first.  Murray  hands  Hunt 
VERT’s  prepaid  card  for  the  cof¬ 
fee  shop. 

Finishing  the  test  for  WINS 
proved  to  take  the  longest.The 
engineers  created  a  test  early  in 
the  evening,  but  after  Hunt  and 
Cooper  finished  their  work  on 
the  DHCP  they  set  about  helping 
to  look  for  a  better  test  of  the 
WINS  vulnerability“We  had  extra 
energy”  Murray  says. The  engi¬ 
neers  in  San  Francisco  finished 
at  2  a.m.  After  catching  a  few 
hours’  sleep  at  home,  they  came 
back  into  the  office  to  see  the 
test  through  quality  assurance, 
and  everything  was  shipped  to 
customers  just  before  10  a.m. 

Patch  Tuesday  in  December 
came  and  went. Tomorrow  will 
no  doubt  be  another  late  one  for 
the  nCircle  engineers  and  other 
such  teams  across  the  industry  B 
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patch  management.  Our  virtual  showdown 
pitted  multiple  vendors  against  each  other 
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Divine  divination 


elcome  to  2005!  As  this  is  the 
crystal  ball  issue,  I  was  look¬ 
ing  for  predictions  about  the 
coming  year.  1  was  tempted  by  moly- 
bdomancy  (divining  from  the  shapes 
created  by  dripping  molten  lead  into 
cold  water)  but  in  the  end  decided 
to  go  with  the  traditional  goat’s 
entrails.  So,  here’s  what  2005  has  in  store  for  us  . . . 

1.  Phishing:  You  thought  2004  was  bad!  2005  is 
going  to  be  a  phishing  nightmare.  As  a  consequence, 
banks  and  other  financial  institu¬ 
tions  are  going  to  have  to  rethink 
how  they  communicate  with 
their  customers  online. 

2.  Spyware:  You  thought  2004 
was  bad!  2005  is  going  to  see  an 
explosion  of  spyware.  I’d  make 
sure  there’s  some  flexibility  in 
your  budgets  because  you  are  going  to  have  to  spend 
money  on  this  problem.  However  much  you  think  it 
will  cost,  it  will  not  be  enough. 

3.  Old  spam:  2005  will  see  spam  growth  slow  com¬ 
pared  with  what  we  saw  in  2004.The  volume  of  spam 
will  cruise  along  at  an  average  of  80%  to  85%  of  all 
Internet  SMTP  traffic.  The  bad  news  is  that  the  spam¬ 
mers  will  get  smarter  and  more  creative  in  their 
attempts  to  end-run  your  filters. 


4.  New  spam:  Watch  out  for  non-commercial  spam 
becoming  a  bigger  percentage  of  the  total  spam  vol¬ 
ume.  Already  we’ve  seen  a  noticeable  increase  over 
the  last  few  months  in  political  and  religious  spam, 
and  this  trend  will  accelerate  over  2005. 

5.  Stupid  legislation:  The  government  will  con¬ 
tinue  to  try  to  enact  ridiculous  laws  regarding  any 
aspect  of  the  online  world  in  response  to  lobbyists 
with  deep  pockets.  It  appears  to  have  learned 
nothing  from  CAN-SPAM  in  2004.  2005  will  be 
much  the  same. 

6.  The  Motion  Picture  Association  of  America: 

Talking  about  lobbyists  with  deep  pockets,  the  MPAA 
will  continue  down  its  path  of  blind  futility  of  trying  to 
plug  a  hole  in  a  dyke  that  was  completely  demolished 
years  ago.  It  does  not  learn  fast,  and  2005  will  not 
teach  the  association  much. 

7.  Cyberterrorism:  Despite  the  fact  that  there  hasn’t 
been  any  cyberterrorist  acts  to  speak  of,  the  same 
mythical  beast  still  will  get  lots  of  column  inches 
and  political  posturing.  Even  so,  2005  is  unlikely  to 
see  the  Department  of  Homeland  Security’s 
National  Cyber  Security  Division  becoming  useful  or 
effective. 

8.  Copyrights  and  software  patents:  Despite  a  lot 
more  pressure  and  much  discussion  in  2005  based  on 
logical,  well-constructed  valid  arguments,  there  will 
be  no  movement  toward  rationalizing  the  copyright 


system  or  the  patent  system  regarding  software. 

9.  Novell:  There’s  a  very  good  chance  that  in  2005 
we’re  going  to  see  Novell  arise,  phoenix-like,  from  the 
ashes  of  its  own  marketing  burnout  with  solid  posi¬ 
tioning  in  the  Linux  market. 

10.  Microsoft:  2005  will  be  more  of  the  same:  The 
company  will  continue  to  fight  with  the  European 
Union  but  it  won’t  really  inconvenience  Microsoft 
very  much.  It  will  come  under  increasing  criticism 
for  its  security  problems,  and  some  kind  of  malware 
will  cause  a  major  meltdown  of  tens  of  thousands  of 
Windows-based  servers  at  least  once  in  the  year. 
Microsoft  will  not  stop  lying  about  the  total  cost  of 
ownership  of  Windows  compared  with  Linux. 
Someone  at  Microsoft  will  spill  the  beans  about 
internal  matters,  much  to  our  amusement. 

11.  Linux:  The  growth  of  Linux  will  be  solid  and 
troublesome  to  Microsoft,  but  2005  isn’t  going  to  see 
a  wholesale  defection  away  from  Windows-based 
servers.  Sorry,  that’s  just  the  way  it  will  be. 

12.  The  SCO  Group:  Goodbye. 

So,  those  are  the  main  signs  and  portents  that  I  can 
see.  Should  you  have  any  thoughts  on  these  matters 
or  predictions,  drop  me  a  line  and  we’ll  start  a  watch 
list  to  test  our  collective  divinatorial  powers.  I  predict 
we’ll  be  pretty  good. 

Future  thoughts  to  backspin@gibbs.com. 
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By  Paul  McNamara 

Never  mind  2005 

With  all  due  respect  to  my  fellow 
columnists  on  the  preceding  pages  and 
at  the  top  of  this  one,  predicting  what  will  happen  over  the  next  12  months  is  a  rel¬ 
atively  simple  task.  After  all,  the  stuff  that  happened  over  the  previous  12  months 
offers  a  good  starting  point,  and  conventional  wisdom  does  a  credible  job  of  nar¬ 
rowing  the  variables.  So,  in  the  spirit  of  maximizing  the  prognostication  degree- 
of-difficulty,  and  confident  that  I'll  never  be  held  to  account,  here's  what  you 
can  expect  to  see  on  the  technology  front  10  years  from  now  in  2015: 

The  state  ofTexas  conducts  the  nation’s  first  execution  of  a  spam¬ 
mer  and  broadcasts  the  event  live  over  the  Internet.  Nary  a  peep  of 
protest  is  heard  from  death-penalty  opponents. 

The  first  kindergarten  students  carrying  RFID  tags  —  implanted  in 
their  buttocks  at  birth  —  begin  classes  at  which  taking  attendance  is 
accomplished  instantly  by  the  teacher  waving  a  wand  from  the  front  of 
the  room. The  country’s  last  remaining  privacy  advocate  merely  shrugs. 

Bill  Gates,  58,  announces  his  retirement  from  Microsoft,  a  wholly  owned  sub¬ 
sidiary  of  Google.  Responding  to  a  reporter’s  suggestion  that  he  might  become 
bored,  Gates  reminds  his  inquisitor  that  he  has  enough  money  to  buy  Florida  and 
that  "the  rich  are  different  because  we  never  get  bored.” 

Google,  meanwhile,  trumpets  the  company's  latest  advancement  in  search  tech¬ 
nology:  a  Web-based  utility  that  literally  allows  one  to  find  a  needle  in  a  haystack. 
The  company  also  acknowledges  that  it  might  have  too  many  developers  with  too 
little  to  do,  now  that  it  has  indexed  every  word  written  or  spoken  —  in  any  lan¬ 
guage  active  or  dead  —  since  the  beginning  of  time. 

A  year  after  the  FCC  outlaws  camera  phones  as  “instruments  of  indecency,”  a 
bill  passes  both  houses  of  Congress  repealing  the  ban  and  is  signed  into  law  by 
President  Arnold  Schwarzenegger.  “No  one  tells  ‘The Terminator’  what's  inde¬ 


cent,”  Schwarzenegger  bellows  just  before  he  disbands  the  offending  regulatory 
body  with  one  swipe  of  his  sword-shaped  pen. 

New  research  shows  that  the  pornography  industry  spurs  more  technological 
innovation  and  generates  more  revenue  online  than  any  other  e-commerce  seg¬ 
ment,  proving  once  again  that  some  things  never  change.  Ring  tones  finish  second 
in  terms  of  revenue. 

The  nation's  three  largest  long-distance  carriers  —  Skype,Vonage  and  Wal- 
Mart —  discover  that  issuing  monthly  gratuity  checks  in  order  to  recruit  and 
retain  customers,  instead  of  collecting  payments  from  them,  is  not  a  sustainable 
business  model. 

Former  WorldCom  CEO  Bernie  Ebbers  strolls  out  of  a  federal  prison  —  tanned, 
rested,  but  destitute  —  after  completing  a  30-day  wrist-slap  that  had  been 
delayed  for  almost  a  decade  by  a  string  of  costly  legal  appeals  that  had  the 
unintended  side  benefit  of  leaving  him  penniless. 

According  to  1DC,  Firefox  is  now  the  Web  browser  of  choice  for  fully  90% 
of  Internet  users,  a  threefold  increase  since  the  product's  development  was 
wrested  from  the  Mozilla  Foundation  and  brought  under  the  auspices  ofThe 
Microsoft  Open  Source  Consortium. 

Offshoring  stories  reappear  in  the  news  as  heavyweight  technology  manufac¬ 
turers  in  China  and  India  begin  to  transfer  their  low-paying  call  center  jobs  to  the 
U.S.  so  that  their  own  highly  skilled  workforces  can  devote  more  time  to  develop¬ 
ment  work. 

Appliance  makers  —  we're  talking  toasters  and  refrigerators  here,  not  network 
boxes  —  pull  the  plug  on  the  Internet  connectivity  features  in  their  products  that 
had  been  hyped  since  the  late  1990s  but  delivered  only  18  months  earlier.  Reason? 
Too  many  virus-sparked  kitchen  fires  followed  by  too  many  lawsuits. 

Signs  sprout  up  in  public  places  that  alert  passers-by  to  the  fact  that  wireless 
Internet  access  is  not  available  where  they  stand. 

Feel  free  to  write  if  I'm  wrong.  The  address  is  buzz@nww.com. 
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Today  you  can  secure  your  infrastructure  without  putting 
your  budget  in  jeopardy.  How?  ProCurve  Networking  by  HP. 

It  can  help  stop  both  wired  and  wireless  intruders  at  the 

. 

edge  and  the  core  of  your  infrastructure.  It  also  instantly 
recognizes  and  tracks  your  authorized  users,  so  they  gain 
access  precisely  to  the  information  they  need — and  that 
means  they  can  be  more  productive.  Finally,  with  ProCurve, 
you  can  get  smarter  security  at  a  significantly  lower  cost. 


Get  more  from  your  network.  And  get  it  for  less. 
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Find  out  more  about  ProCurve  security  solutions.  Download  white  papers  on  Secure 
Mobility  and  our  cost-of-ownership  analysis  at  www.hp.com/tradeups.com/procurvepromo. 
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